cnvd - cnvd-2017-09584

CNVD-2017-09584

Vulnerability from cnvd - Published: 2017-06-16

Title

OpenVPN Access Server CRLF注入漏洞

Description

OpenVPN是美国OpenVPN公司的一个用于创建虚拟专用网络（VPN）加密通道的软件包，它使用OpenSSL库来加密数据与控制信息。OpenVPN Access Server是OpenVPN的商业收费版本。 OpenVPN Access Server 存在CRLF注入漏洞。攻击者可以利用该漏洞向web网页添加任意头部并发起进一步的攻击。

Severity

中

Formal description

目前没有详细的解决方案提供： http://seclists.org/oss-sec/2017/q2/332

Reference

http://www.securityfocus.com/bid/98622

Impacted products

Name
OpenVPN Access Server 2.1.4

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98622"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5868",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5868"
    }
  },
  "description": "OpenVPN\u662f\u7f8e\u56fdOpenVPN\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u521b\u5efa\u865a\u62df\u4e13\u7528\u7f51\u7edc\uff08VPN\uff09\u52a0\u5bc6\u901a\u9053\u7684\u8f6f\u4ef6\u5305\uff0c\u5b83\u4f7f\u7528OpenSSL\u5e93\u6765\u52a0\u5bc6\u6570\u636e\u4e0e\u63a7\u5236\u4fe1\u606f\u3002OpenVPN Access Server\u662fOpenVPN\u7684\u5546\u4e1a\u6536\u8d39\u7248\u672c\u3002\r\n\r\nOpenVPN Access Server \u5b58\u5728CRLF\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5411web\u7f51\u9875\u6dfb\u52a0\u4efb\u610f\u5934\u90e8\u5e76\u53d1\u8d77\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002",
  "discovererName": "Sydream Labs.",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://seclists.org/oss-sec/2017/q2/332",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-09584",
  "openTime": "2017-06-16",
  "products": {
    "product": "OpenVPN Access Server 2.1.4"
  },
  "referenceLink": "http://www.securityfocus.com/bid/98622",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-24",
  "title": "OpenVPN Access Server CRLF\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2017-5868 (GCVE-0-2017-5868)

Vulnerability from cvelistv5 – Published: 2017-05-25 19:00 – Updated: 2024-08-05 15:11

Summary

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://sysdream.com/news/lab/2017-05-05-cve-2017…	x_refsource_MISC
	http://www.securitytracker.com/id/1038547	vdb-entryx_refsource_SECTRACK
	http://www.openwall.com/lists/oss-security/2017/0…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:11:48.722Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/"
          },
          {
            "name": "1038547",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038547"
          },
          {
            "name": "[oss-security] 20170523 [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/05/23/13"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-05-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via \"%0A\" characters in the PATH_INFO to __session_start__/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-25T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/"
        },
        {
          "name": "1038547",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038547"
        },
        {
          "name": "[oss-security] 20170523 [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/05/23/13"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5868",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via \"%0A\" characters in the PATH_INFO to __session_start__/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/",
              "refsource": "MISC",
              "url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/"
            },
            {
              "name": "1038547",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038547"
            },
            {
              "name": "[oss-security] 20170523 [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/05/23/13"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5868",
    "datePublished": "2017-05-25T19:00:00",
    "dateReserved": "2017-02-02T00:00:00",
    "dateUpdated": "2024-08-05T15:11:48.722Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-09584

CVE-2017-5868 (GCVE-0-2017-5868)

Tags

Sightings

Nomenclature