Advisories

Cisco ASA HTTP Response Splitting Vulnerability

Thursday, June 24, 2010

Advisory ID: SWRX-2010-001

Advisory Information

Title: Cisco ASA HTTP Response Splitting Vulnerability
Advisory ID: SWRX-2010-001
Date published: Thursday, June 24, 2010
CVE: CVE-2008-7257
CVSS v2 Base Score: 5 (Medium) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Date of last update: Thursday, June 24, 2010
Vendors contacted: Cisco Systems, Inc.
Release mode: Coordinated release
Discovered by: Daniel King, SecureWorks

Summary
Cisco Adaptive Security Appliance (ASA) is vulnerable to HTTP response splitting caused by improper validation of user–supplied input. A remote attacker could exploit this vulnerability using a specially–crafted URL to execute script in a victim's web browser within the security context of the Adaptive Security Appliance site.

Download the PDF

PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

SecureWorks CTU Public Key

Introducing Red Cloak™ Threat Detection & Response Webcast

BY INDUSTRY

2019 Gartner Magic Quadrant for Managed Security Services, Worldwide

Digital Transformation Executive Report

Has Poor Cyber Hygiene Reached Crisis Point?

Hiring superstars

Cisco ASA HTTP Response Splitting Vulnerability

Advisory ID: SWRX-2010-001

Related Content

State of the [BRONZE] UNION Snapshot

A Peek into BRONZE UNION’s Toolbox

Vulnerability in ShoreTel Conferencing Platform