Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2010-1576

Published: 06/07/2010 Updated: 10/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Content Services Switch 11500

Vulnerability Summary

The Cisco Content Services Switch (CSS) 11500 with software prior to 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote malicious users to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco content services switch 11500 8.20.0.01

cisco content services switch 11500 08.20.1.01

cisco content services switch 11500

cisco content services switch 11500 8.20.2.01

cisco content services switch 11500 8.20.1.01

cisco ace 4710 a1\\(8.0\\)

cisco ace 4710 a1\\(2.0\\)

cisco ace 4710

Exploits

Exploit DB: Multiple Cisco CSS / ACE Client Certificate And HTTP Header Manipulation Vulnerabilities
Virtual Security Research, LLC Security Advisory - VSR identified multiple weaknesses in the Cisco CSS 11500's handling of HTTP header interpretation and client-side SSL certificates ...

References

CWE-20http://www.vsecurity.com/resources/advisory/20100702-1/http://securitytracker.com/id?1024168http://securitytracker.com/id?1024167http://www.securityfocus.com/bid/41315http://osvdb.org/66092http://www.securityfocus.com/archive/1/512144/100/0/threadedhttps://nvd.nist.govhttps://packetstormsecurity.com/files/91436/Multiple-Cisco-CSS-ACE-Client-Certificate-And-HTTP-Header-Manipulation-Vulnerabilities.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook