CVE-2022-35507

EPSS 14.33% · P94 Updated Apr 29, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-35507

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Proxmox pve-http-server 注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

pve-http-server是Proxmox开源的一个虚拟化环境库。 Proxmox pve-http-server 存在安全漏洞，该漏洞源于Web界面中的响应标头存在CRLF注入漏洞，允许远程攻击者为受害者的浏览器设置比服务器预期更长的 cookie，从而导致客户端DoS。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2022-35507

#	POC Description	Source Link	Shenlong Link
1	A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-35507.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-35507

请登录查看更多情报信息。

Same Patch Batch · n/a · 2022-12-04 · 9 CVEs total

CVE-2022-46414	9.8 CRITICAL	Veritas Technologies NetBackup Flex Scale 安全漏洞
CVE-2022-46410	8.8 HIGH	Veritas Technologies NetBackup Flex Scale 安全漏洞
CVE-2022-46411	8.8 HIGH	Veritas Technologies NetBackup Flex Scale 授权问题漏洞
CVE-2022-46412	8.8 HIGH	Veritas Technologies NetBackup Flex Scale 安全漏洞
CVE-2022-46413	8.8 HIGH	Veritas Technologies NetBackup Flex Scale 安全漏洞
CVE-2022-35508		Proxmox pve-http-server 代码问题漏洞
CVE-2022-46391		AWStats 跨站脚本漏洞
CVE-2022-46405		Mastodon 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2022-35507

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-35507

I. Basic Information for CVE-2022-35507

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-35507

III. Intelligence Information for CVE-2022-35507

Same Patch Batch · n/a · 2022-12-04 · 9 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-35507

Leave a comment