Advisories

Cisco ASA HTTP Response Splitting Vulnerability

Thursday, June 24, 2010

Advisory ID: SWRX-2010-001

Advisory Information

Title: Cisco ASA HTTP Response Splitting Vulnerability
Advisory ID: SWRX-2010-001
Date published: Thursday, June 24, 2010
CVE: CVE-2008-7257
CVSS v2 Base Score: 5 (Medium) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Date of last update: Thursday, June 24, 2010
Vendors contacted: Cisco Systems, Inc.
Release mode: Coordinated release
Discovered by: Daniel King, SecureWorks

Summary
Cisco Adaptive Security Appliance (ASA) is vulnerable to HTTP response splitting caused by improper validation of user–supplied input. A remote attacker could exploit this vulnerability using a specially–crafted URL to execute script in a victim's web browser within the security context of the Adaptive Security Appliance site.

Download the PDF

PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

SecureWorks CTU Public Key

Cisco ASA HTTP Response Splitting Vulnerability

Advisory ID: SWRX-2010-001

Related Content

State of the [BRONZE] UNION Snapshot

A Peek into BRONZE UNION’s Toolbox

Vulnerability in ShoreTel Conferencing Platform