CVE-2017-5868
CVE-2017-5868
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 4.6%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
25 may 2017Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.
Productos afectados
n/a · n/a