0 Results Found
              Back To Results
                Advisories

                Cisco ASA HTTP Response Splitting Vulnerability

                Advisory ID: SWRX-2010-001


                Advisory Information
                • Title: Cisco ASA HTTP Response Splitting Vulnerability
                • Advisory ID: SWRX-2010-001
                • Date published: Thursday, June 24, 2010
                • CVE: CVE-2008-7257
                • CVSS v2 Base Score: 5 (Medium) (AV:N/AC:L/Au:N/C:N/I:P/A:N)
                • Date of last update: Thursday, June 24, 2010
                • Vendors contacted: Cisco Systems, Inc.
                • Release mode: Coordinated release
                • Discovered by: Daniel King, SecureWorks

                Summary
                Cisco Adaptive Security Appliance (ASA) is vulnerable to HTTP response splitting caused by improper validation of user–supplied input. A remote attacker could exploit this vulnerability using a specially–crafted URL to execute script in a victim's web browser within the security context of the Adaptive Security Appliance site.

                Download the PDF

                PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

                SecureWorks CTU Public Key

                Related Content