0 Results Found
            Back To Results
              Advisory

              Cisco ASA HTTP Response Splitting Vulnerability

              Advisory ID: SWRX-2010-001


              Advisory Information
              • Title: Cisco ASA HTTP Response Splitting Vulnerability
              • Advisory ID: SWRX-2010-001
              • Date published: Thursday, June 24, 2010
              • CVE: CVE-2008-7257
              • CVSS v2 Base Score: 5 (Medium) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
              • Date of last update: Thursday, June 24, 2010
              • Vendors contacted: Cisco Systems, Inc.
              • Release mode: Coordinated release
              • Discovered by: Daniel King, SecureWorks

              Summary
              Cisco Adaptive Security Appliance (ASA) is vulnerable to HTTP response splitting caused by improper validation of user–supplied input. A remote attacker could exploit this vulnerability using a specially–crafted URL to execute script in a victim's web browser within the security context of the Adaptive Security Appliance site.

              Download the PDF

              PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

              SecureWorks CTU Public Key

              Related Content