Advisory ID: SWRX-2010-001

Advisory Information
  • Title: Cisco ASA HTTP Response Splitting Vulnerability
  • Advisory ID: SWRX-2010-001
  • Date published: Thursday, June 24, 2010
  • CVE: CVE-2008-7257
  • CVSS v2 Base Score: 5 (Medium) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
  • Date of last update: Thursday, June 24, 2010
  • Vendors contacted: Cisco Systems, Inc.
  • Release mode: Coordinated release
  • Discovered by: Daniel King, SecureWorks

Cisco Adaptive Security Appliance (ASA) is vulnerable to HTTP response splitting caused by improper validation of user–supplied input. A remote attacker could exploit this vulnerability using a specially–crafted URL to execute script in a victim's web browser within the security context of the Adaptive Security Appliance site.

Download the PDF

PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

SecureWorks CTU Public Key