CVE-2022-35507
published 2022-12-04


Priority: P3 41
Severity: high
CVSS 3.1: 7.1
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
EXPLOIT
EPSS: 1.38% (68.7th percentile)
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.

Affected

1 range

Vendor   Product          Version range  Fixed in
proxmox  pve_http_server  < 4.1-3        4.1-3