{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-02T04:42:01.344","vulnerabilities":[{"cve":{"id":"CVE-2022-35507","sourceIdentifier":"cve@mitre.org","published":"2022-12-04T19:15:09.850","lastModified":"2026-06-17T04:51:54.040","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3."},{"lang":"es","value":"Una vulnerabilidad de inyección CRLF de encabezado de respuesta en la interfaz web Proxmox Virtual Environment (PVE) y Proxmox Mail Gateway (PMG) permite a un atacante remoto configurar cookies para el navegador de una víctima que son más largas de lo que espera el servidor, lo que provoca un DoS del lado del cliente. Esto afecta a los navegadores basados en Chromium porque permiten la inyección de encabezados de respuesta con %0d. Esto se solucionó en pve-http-server 4.1-3."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-24T15:22:29.813282Z","id":"CVE-2022-35507","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:proxmox:proxmox_mail_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"F9F113EE-EBBD-4045-A484-A140DFF23481"},{"vulnerable":true,"criteria":"cpe:2.3:a:proxmox:pve_http_server:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1-3","matchCriteriaId":"A8D79E9B-8BD2-474C-BA09-16CCE2852818"},{"vulnerable":true,"criteria":"cpe:2.3:a:proxmox:virtual_environment:-:*:*:*:*:*:*:*","matchCriteriaId":"27813454-BC59-4D19-B608-A95E754F60EA"}]}]}],"references":[{"url":"https://git.proxmox.com/?p=pve-http-server.git%3Ba=commitdiff%3Bh=936007ae0241811093155000486da171379c23c2","source":"cve@mitre.org"},{"url":"https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway/","source":"cve@mitre.org","tags":["Exploit","Patch","Technical Description","Third Party Advisory"]},{"url":"https://git.proxmox.com/?p=pve-http-server.git%3Ba=commitdiff%3Bh=936007ae0241811093155000486da171379c23c2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Technical Description","Third Party Advisory"]}]}}]}