Cisco ASA HTTP Response Splitting Vulnerability
Advisory ID: SWRX-2010-001Advisory Information
- Title: Cisco ASA HTTP Response Splitting Vulnerability
- Advisory ID: SWRX-2010-001
- Date published: Thursday, June 24, 2010
- CVE: CVE-2008-7257
- CVSS v2 Base Score: 5 (Medium) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
- Date of last update: Thursday, June 24, 2010
- Vendors contacted: Cisco Systems, Inc.
- Release mode: Coordinated release
- Discovered by: Daniel King, SecureWorks
Cisco Adaptive Security Appliance (ASA) is vulnerable to HTTP response splitting caused by improper validation of user–supplied input. A remote attacker could exploit this vulnerability using a specially–crafted URL to execute script in a victim's web browser within the security context of the Adaptive Security Appliance site.
PGP Signature (PC Users: You may need to right click your mouse and select "Save As")