4.3
CVSSv2

CVE-2015-0747

Published: 30/05/2015 Updated: 04/01/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote malicious users to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco headend system release 2.7

cisco videoscape conductor 3.0

cisco headend system release 3.7

cisco headend system release 3.5

cisco headend system release i4.3

cisco headend system release 3.2

cisco headend digital broadband delivery system -

cisco headend system release 2.5

Vendor Advisories

A vulnerability in the Cisco Conductor for Videoscape and Cisco Headend System Releases could allow an unauthenticated, remote attacker to inject arbitrary HTTP cookies via an HTTP request The vulnerability is due to improper input validation of an HTTP request header An attacker could exploit this vulnerability by sending a crafted HTTP request ...