A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote malicious user to conduct an HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the malicious user to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705.
Vulnerable Product |
---|
cisco email security appliance firmware 10.0.2-020 |
cisco email security appliance firmware 11.0.0-105 |
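
The input-sanitization failure described in the advisory text, shown as an added example that is not Cisco's code or part of the original advisory: a header built from unchecked input next to a hardened builder that rejects control characters. The `Location` redirect flow, the function names and all sample values are assumptions constructed for illustration; the advisory does not disclose the affected ESA code path.

```python
import re

# RFC 9110 treats CR, LF and NUL in a field value as invalid; this pattern
# rejects every control character except HTAB. Apply it AFTER URL-decoding.
_FORBIDDEN = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

# Constructed sample inputs (not taken from the advisory).
BENIGN = "/home"
INJECTED = "/home\r\nSet-Cookie: session=constructed"
SPLIT = "/home\r\nContent-Length: 0\r\n\r\nHTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nhi"

def build_response_naive(location):
    """Vulnerable pattern: input is concatenated into a header unchecked."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")

def build_response_safe(location):
    """Hardened pattern: refuse any value that could end the header line."""
    if _FORBIDDEN.search(location):
        raise ValueError("control character in header value")
    return build_response_naive(location)

def header_names(raw):
    """Header names in the first header block, as a client or cache parses it."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")[1:]  # skip the status line
    return [line.split(b":", 1)[0].decode("latin-1") for line in lines]

def count_status_lines(raw):
    """Number of lines on the wire that start a new HTTP response."""
    return len(re.findall(rb"(?m)^HTTP/1\.[01] \d{3} ", raw))

if __name__ == "__main__":
    for name, value in (("benign", BENIGN), ("injected", INJECTED), ("split", SPLIT)):
        raw = build_response_naive(value)
        print(name, header_names(raw), "responses:", count_status_lines(raw))
        try:
            build_response_safe(value)
            print("  safe builder: accepted")
        except ValueError as exc:
            print("  safe builder: rejected,", exc)
```

Most current HTTP frameworks perform this check themselves when a header is set; the pattern matters wherever response bytes are assembled by hand.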