CVE-2015-0747

Published: 30/05/2015 Updated: 04/01/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote malicious users to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco headend system release 2.7
cisco videoscape conductor 3.0
cisco headend system release 3.7
cisco headend system release 3.5
cisco headend system release i4.3
cisco headend system release 3.2
cisco headend digital broadband delivery system -
cisco headend system release 2.5

A vulnerability in the Cisco Conductor for Videoscape and Cisco Headend System Releases could allow an unauthenticated, remote attacker to inject arbitrary HTTP cookies via an HTTP request The vulnerability is due to improper input validation of an HTTP request header An attacker could exploit this vulnerability by sending a crafted HTTP request ...

CWE-20 http://tools.cisco.com/security/center/viewAlert.x?alertId=38945 http://www.securitytracker.com/id/1032447 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150529-CVE-2015-0747

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-0747

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect