Advisory ID: SWRX-2010-001
Advisory Information
- Title: Cisco ASA HTTP Response Splitting Vulnerability
- Advisory ID: SWRX-2010-001
- Date published: Thursday, June 24, 2010
- CVE: CVE-2008-7257
- CVSS v2 Base Score: 5 (Medium) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
- Date of last update: Thursday, June 24, 2010
- Vendors contacted: Cisco Systems, Inc.
- Release mode: Coordinated release
- Discovered by: Daniel King, SecureWorks
Summary
Cisco Adaptive Security Appliance (ASA) is vulnerable to HTTP response splitting caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's web browser within the security context of the Adaptive Security Appliance site.
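The advisory does not say which ASA parameter or header is affected. As a generic illustration of the flaw class named in the summary (an added example, not code from the advisory or from Cisco; the function names and the sample value are constructed), the Python below builds a response header from unvalidated input next to a version that rejects CR/LF and other control characters:

```python
import re
from urllib.parse import unquote

# CR, LF and other control characters end or corrupt a header line.
# Tab is rejected too, which is stricter than HTTP requires.
_CTL = re.compile(r"[\x00-\x1f\x7f]")

# Constructed sample value: a path followed by an encoded CR/LF and a marker header.
SAMPLE = "/home%0d%0aX-Injected: 1"


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250d%250a) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def build_redirect_unsafe(target):
    # Before: user input is decoded and copied straight into the Location header.
    return "HTTP/1.1 302 Found\r\nLocation: " + unquote(target) + "\r\n\r\n"


def build_redirect_safe(target):
    # After: refuse any value that would contain control characters once decoded.
    if _CTL.search(decode_fully(target)):
        raise ValueError("control character in header value")
    return "HTTP/1.1 302 Found\r\nLocation: " + target + "\r\n\r\n"


def header_lines(response):
    """Return the header block of a raw response as a list of lines."""
    return response.split("\r\n\r\n", 1)[0].split("\r\n")


if __name__ == "__main__":
    # The unvalidated value yields an extra header line the server never intended.
    print(header_lines(build_redirect_unsafe(SAMPLE)))
    try:
        build_redirect_safe(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```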