3 matches found
OpenVPN Access Server 2.1.4 - CRLF Injection
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATHINFO to sessionstart/. id:...
OpenVPN Access Server 2.1.4 CRLF Injection
OpenVPN Access Server : CRLF injection with Session fixation Description OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client...
Ubiquiti Inc.: CRLF Injection on openvpn.svc.ubnt.com
The researcher reported the vulnerability CVE-2017-5868 in one of our server, it got promptly mitigated, once no oficial patch was available at the time of submit. Ubiquiti's employee VPN server was vulnerable to CVE-2017-5868, the issue was reported to them by me and quickly patched. Thank you...