// For flags

CVE-2010-1576

 

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.

El Content Services Switch Cisco (CSS) 11500 con software anterios a v8.20.4.02 y el Application Control Engine (ACE) 4710 con software anterior a vA2(3.0) no gestiona adecuadamente el uso de LF, CR y LFCR como alternativas a la secuencia estandar CRLF entre cabeceras HTTP, lo cual permite a los atacantes remotos evitar las restricciones de inserciones de cabecera HTTP o llevar a cabo ataques de contrabando a través de cabeceras de datos manipuladas, como lo demuestra el caracter LF precediendo a las cabeceras ClientCert-Subject y ClientCert-Subject-CN, también conocido como Bug ID CSCta04885.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-04-27 CVE Reserved
  • 2010-07-03 CVE Published
  • 2024-01-15 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Content Services Switch 11500
Search vendor "Cisco" for product "Content Services Switch 11500"
 <= 8.20.3.03
Search vendor "Cisco" for product "Content Services Switch 11500" and version " <= 8.20.3.03"
-
Affected
Cisco
Search vendor "Cisco"
 Content Services Switch 11500
Search vendor "Cisco" for product "Content Services Switch 11500"
 8.20.0.01
Search vendor "Cisco" for product "Content Services Switch 11500" and version "8.20.0.01"
-
Affected
Cisco
Search vendor "Cisco"
 Content Services Switch 11500
Search vendor "Cisco" for product "Content Services Switch 11500"
 08.20.1.01
Search vendor "Cisco" for product "Content Services Switch 11500" and version "08.20.1.01"
-
Affected
Cisco
Search vendor "Cisco"
 Content Services Switch 11500
Search vendor "Cisco" for product "Content Services Switch 11500"
 8.20.1.01
Search vendor "Cisco" for product "Content Services Switch 11500" and version "8.20.1.01"
-
Affected
Cisco
Search vendor "Cisco"
 Content Services Switch 11500
Search vendor "Cisco" for product "Content Services Switch 11500"
 8.20.2.01
Search vendor "Cisco" for product "Content Services Switch 11500" and version "8.20.2.01"
-
Affected
Cisco
Search vendor "Cisco"
 Ace 4710
Search vendor "Cisco" for product "Ace 4710"
 <= a3\(2.5\)
Search vendor "Cisco" for product "Ace 4710" and version " <= a3\(2.5\)"
-
Affected
Cisco
Search vendor "Cisco"
 Ace 4710
Search vendor "Cisco" for product "Ace 4710"
 a1\(2.0\)
Search vendor "Cisco" for product "Ace 4710" and version "a1\(2.0\)"
-
Affected
Cisco
Search vendor "Cisco"
 Ace 4710
Search vendor "Cisco" for product "Ace 4710"
 a1\(8.0\)
Search vendor "Cisco" for product "Ace 4710" and version "a1\(8.0\)"
-
Affected