cnvd - cnvd-2017-09584

cnvd-2017-09584

Vulnerability from cnvd

Title: OpenVPN Access Server CRLF注入漏洞

Description:

OpenVPN是美国OpenVPN公司的一个用于创建虚拟专用网络（VPN）加密通道的软件包，它使用OpenSSL库来加密数据与控制信息。OpenVPN Access Server是OpenVPN的商业收费版本。

OpenVPN Access Server 存在CRLF注入漏洞。攻击者可以利用该漏洞向web网页添加任意头部并发起进一步的攻击。

Severity: 中

Formal description:

目前没有详细的解决方案提供： http://seclists.org/oss-sec/2017/q2/332

Reference: http://www.securityfocus.com/bid/98622

Impacted products

Name
OpenVPN Access Server 2.1.4

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98622"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5868",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5868"
    }
  },
  "description": "OpenVPN\u662f\u7f8e\u56fdOpenVPN\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8e\u521b\u5efa\u865a\u62df\u4e13\u7528\u7f51\u7edc\uff08VPN\uff09\u52a0\u5bc6\u901a\u9053\u7684\u8f6f\u4ef6\u5305\uff0c\u5b83\u4f7f\u7528OpenSSL\u5e93\u6765\u52a0\u5bc6\u6570\u636e\u4e0e\u63a7\u5236\u4fe1\u606f\u3002OpenVPN Access Server\u662fOpenVPN\u7684\u5546\u4e1a\u6536\u8d39\u7248\u672c\u3002\r\n\r\nOpenVPN Access Server \u5b58\u5728CRLF\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5411web\u7f51\u9875\u6dfb\u52a0\u4efb\u610f\u5934\u90e8\u5e76\u53d1\u8d77\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002",
  "discovererName": "Sydream Labs.",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://seclists.org/oss-sec/2017/q2/332",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-09584",
  "openTime": "2017-06-16",
  "products": {
    "product": "OpenVPN Access Server 2.1.4"
  },
  "referenceLink": "http://www.securityfocus.com/bid/98622",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-24",
  "title": "OpenVPN Access Server CRLF\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2017-5868 (GCVE-0-2017-5868)

Vulnerability from cvelistv5

Published

2017-05-25 19:00

Modified

2024-08-05 15:11

Severity ?

CWE

Summary

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.

References

▼	URL	Tags
	https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/	x_refsource_MISC
	http://www.securitytracker.com/id/1038547	vdb-entry, x_refsource_SECTRACK
	http://www.openwall.com/lists/oss-security/2017/05/23/13	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:11:48.722Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/"
          },
          {
            "name": "1038547",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038547"
          },
          {
            "name": "[oss-security] 20170523 [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/05/23/13"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-05-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via \"%0A\" characters in the PATH_INFO to __session_start__/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-25T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/"
        },
        {
          "name": "1038547",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038547"
        },
        {
          "name": "[oss-security] 20170523 [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/05/23/13"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5868",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via \"%0A\" characters in the PATH_INFO to __session_start__/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/",
              "refsource": "MISC",
              "url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/"
            },
            {
              "name": "1038547",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038547"
            },
            {
              "name": "[oss-security] 20170523 [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/05/23/13"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5868",
    "datePublished": "2017-05-25T19:00:00",
    "dateReserved": "2017-02-02T00:00:00",
    "dateUpdated": "2024-08-05T15:11:48.722Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted