CVE-2010-1575

Published: 06/07/2010 Updated: 10/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote malicious users to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690.
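The header handling described in the summary, shown as an added Python example (not code from Cisco or from the advisory): a TLS-terminating front end that forwards client-supplied ClientCert-* headers, beside one that strips them before asserting its own. The function names, the list-of-tuples header model, the sample requests, and a backend that trusts the first matching header are assumptions made for illustration.

```python
# Added illustration; all names and sample data are constructed.
PREFIX = "clientcert-"  # HTTP header names are case-insensitive


def _asserted(verified_cert):
    """Headers the front end derives from the certificate it verified itself."""
    if verified_cert is None:
        return []
    return [("ClientCert-Subject-CN", verified_cert["subject_cn"])]


def forward_vulnerable(client_headers, verified_cert):
    """Keeps every client header, so client-supplied ClientCert-* survives."""
    return list(client_headers) + _asserted(verified_cert)


def forward_hardened(client_headers, verified_cert):
    """Drops any client-supplied ClientCert-* header before adding its own."""
    kept = [(n, v) for n, v in client_headers
            if not n.strip().lower().startswith(PREFIX)]
    return kept + _asserted(verified_cert)


def client_supplied_cert_headers(client_headers):
    """Names worth logging: a client should never send these itself."""
    return [n for n, _ in client_headers
            if n.strip().lower().startswith(PREFIX)]


def backend_identity(headers):
    """Assumed backend: trusts the first ClientCert-Subject-CN it receives."""
    for name, value in headers:
        if name.strip().lower() == "clientcert-subject-cn":
            return value
    return None


# Constructed requests: one with no client certificate, one with a valid one.
NO_CERT_REQ = [("Host", "app.example"), ("clientcert-subject-cn", "admin")]
ALICE_REQ = [("Host", "app.example"), ("ClientCert-Subject-CN", "admin")]
ALICE_CERT = {"subject_cn": "alice"}

if __name__ == "__main__":
    for fwd in (forward_vulnerable, forward_hardened):
        print(fwd.__name__,
              backend_identity(fwd(NO_CERT_REQ, None)),
              backend_identity(fwd(ALICE_REQ, ALICE_CERT)))
```
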

Vulnerable Product

cisco content services switch 11500 08.20.1.01

Vendor Advisories

Cisco CSS Content Services Switch (CSS), SSL Services Module (SSLM), and ACE Application Control Engine (ACE) contain a vulnerability that could allow an authenticated, remote attacker to insert spoofed SSL headers into HTTP requests. The vulnerability exists because the affected products weakly enforce authority in HTTP certificate headers when pe ...

Exploits

Virtual Security Research, LLC Security Advisory - VSR identified multiple weaknesses in the Cisco CSS 11500's handling of HTTP header interpretation and client-side SSL certificates ...