CVE-2022-42897 An unauthenticated command injection allows privilege escalation and control of the system.
You can be exploited by creating a link with a malicious URL, e.g. a href=“https://example.com/malicious-file.html”>https://example.com/malicious-file.html/a> The vulnerability lies in the Apache module mod_status. When it doesn’t accept the HTTP response, it tries to parse the HTML code. If you send a specially crafted URL, the code will try to parse the code and execute it. The following code can be used to execute arbitrary commands. a href=“https://example.com/malicious-file.html”> script> var x = new XMLHttpRequest(); x.onload = function() { var statusCode = x.responseText.substring(x.responseText.indexOf('code>') + 1); if (statusCode !== '200') { var body = 'script>' + 'var x = new XMLHttpRequest();' + 'x.onload = function() {' + ' var statusCode = x.responseText.substring(x.responseText.indexOf('code>') + 1);' + ' if (statusCode !== '200') {' + ' var body = 'script>' + ' ' + ' var x = new XMLHttpRequest();' + ' x.onload = function() {' +
Vulnerable code (1)
Timeline
Published on: 10/13/2022 00:15:00 UTC
Last modified on: 10/13/2022 17:27:00 UTC
References
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf
- https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42897