VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-2629
content_services_switch_11500, ace_4710: The Cisco Content Services Switch (CSS) 11500 with ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2629

Original

The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vu...






About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-07-06
Source Information Category:
Advisory, Alert
Last Updated:
2010-07-07




Affected Product Tags
cpe:/h:cisco:ace_4710:a1%282.0%29
cpe:/h:cisco:ace_4710:a1%288.0%29
cpe:/h:cisco:ace_4710:a3%282.5%29 and previous versions
cpe:/h:cisco:content_services_switch_11500:08.20.1.01
cpe:/h:cisco:content_services_switch_11500:8.20.0.01
cpe:/h:cisco:content_services_switch_11500:8.20.1.01
cpe:/h:cisco:content_services_switch_11500:8.20.2.01
cpe:/h:cisco:content_services_switch_11500:8.20.3.03 and previous versions
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
Medium
X Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
X Partial
Complete

[Integrity Impact]
Undefined
None
X Partial
Complete

[Availability Impact]
Undefined
None
X Partial
Complete

Alternatives




References
BID 41315
BUGTRAQ 20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities
MISC http://www.vsecurity.com/resources/advisory/20100702-1/
SECTRACK 1024168
SECTRACK 1024167




Vulnerability Type: Input Validation (CWE-20)





Copyright © 2010 JPCERT/CC All Rights Reserved.