CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1CVE-2010-1576
https://notcve.org/view.php?id=CVE-2010-1576
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885. El Content Services Switch Cisco (CSS) 11500 con software anterios a v8.20.4.02 y el Application Control Engine (ACE) 4710 con software anterior a vA2(3.0) no gestiona adecuadamente el uso de LF, CR y LFCR como alternativas a la secuencia estandar CRLF entre cabeceras HTTP, lo cual permite a los atacantes remotos evitar las restricciones de inserciones de cabecera HTTP o llevar a cabo ataques de contrabando a través de cabeceras de datos manipuladas, como lo demuestra el caracter LF precediendo a las cabeceras ClientCert-Subject y ClientCert-Subject-CN, también conocido como Bug ID CSCta04885. • http://osvdb.org/66092 http://securitytracker.com/id?1024167 http://securitytracker.com/id?1024168 http://www.securityfocus.com/archive/1/512144/100/0/threaded http://www.securityfocus.com/bid/41315 http://www.vsecurity.com/resources/advisory/20100702-1 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0625
https://notcve.org/view.php?id=CVE-2009-0625
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet. Vulnerabilidad no especificada en "Cisco ACE Application Control Engine Module" para Switches Catalyst 6500 y routers anteriores A1(v1.2) y Cisco ACE 4710 "Application Control Engine Appliance" anteriores A1(8.0), permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de un paquete SNMPv3 manipulada. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml http://www.securityfocus.com/bid/33900 http://www.securitytracker.com/id?1021769 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2009-0622
https://notcve.org/view.php?id=CVE-2009-0622
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI). Vulnerabilidad no especificada en Cisco ACE Application Control Engine Module para Catalyst 6500 Switches y 7600 Routers anterior a A2(1.2) y Cisco ACE 4710 Application Control Engine Appliance anterior a A1(8a), permite a usuarios autenticados en remoto ejecutar comandos de su elección del sistema-operativo a través de una interfaz de línea de comandos (CLI). • http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml http://www.securityfocus.com/bid/33900 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2009-0623
https://notcve.org/view.php?id=CVE-2009-0623
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet. Vulnerabilidad no especificada en "Cisco ACE Application Control Engine Module" para Catalyst 6500 Switches y 7600 Routers anteriores A2(1.3) y Cisco ACE 4710 Application Control Engine Appliance anteriores a A3(2.1) que permite a los atacantes remotos causar una denegación de servicio (reinicio del dispositivo) a través de un paquete SSH manipulado. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml http://www.securityfocus.com/bid/33900 •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2009-0624
https://notcve.org/view.php?id=CVE-2009-0624
Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet. Vulnerabilidad no especificada en la implementación SNMPv2c en Cisco ACE Application Control Engine Module para Catalyst 6500 Switches y 7600 Routers anteriores a A2(1.3) y Cisco ACE 4710 Application Control Engine Appliance anteior a A3(2.1); permite a atacantes remotos provocar una denegación de servicio (reinicio del dispositivo) a través de un paquete SNMPv1 manipulado. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml http://www.securityfocus.com/bid/33900 http://www.securitytracker.com/id?1021769 •