VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-1576
content_services_switch_11500, ace_4710: The Cisco Content Services Switch (CSS) 11500 with ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1576

Original

The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers,...

About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-07-06
Source Information Category: Advisory, Alert
Last Updated: 2010-07-06




Affected Product Tags
cpe:/h:cisco:ace_4710:a1%282.0%29
cpe:/h:cisco:ace_4710:a1%288.0%29
cpe:/h:cisco:ace_4710:a3%282.5%29 and previous versions
cpe:/h:cisco:content_services_switch_11500:08.20.1.01
cpe:/h:cisco:content_services_switch_11500:8.20.0.01
cpe:/h:cisco:content_services_switch_11500:8.20.1.01
cpe:/h:cisco:content_services_switch_11500:8.20.2.01
cpe:/h:cisco:content_services_switch_11500:8.20.3.03 and previous versions
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
Medium
X Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
X Partial
Complete

[Integrity Impact]
Undefined
None
X Partial
Complete

[Availability Impact]
Undefined
None
X Partial
Complete

Alternatives




References
BID 41315
BUGTRAQ 20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities
MISC http://www.vsecurity.com/resources/advisory/20100702-1/
SECTRACK 1024168
SECTRACK 1024167

Vulnerability Type: Input Validation (CWE-20)





Copyright © 2010 JPCERT/CC All Rights Reserved.