CVEs-PoC/2017/CVE-2017-5868.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-04-21 14:06:08 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

871 B

Raw Permalink Blame History

CVE-2017-5868

Description

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to session_start/.

POC

Reference

https://hackerone.com/reports/231508
https://hackerone.com/reports/232327

Github

https://github.com/20142995/nuclei-templates
https://github.com/cyb3r-w0lf/nuclei-template-collection

871 B Raw Permalink Blame History

CVE-2017-5868

Description

POC

Reference

Github

871 B

Raw Permalink Blame History