CVE-2010-1576
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.
El Content Services Switch Cisco (CSS) 11500 con software anterios a v8.20.4.02 y el Application Control Engine (ACE) 4710 con software anterior a vA2(3.0) no gestiona adecuadamente el uso de LF, CR y LFCR como alternativas a la secuencia estandar CRLF entre cabeceras HTTP, lo cual permite a los atacantes remotos evitar las restricciones de inserciones de cabecera HTTP o llevar a cabo ataques de contrabando a través de cabeceras de datos manipuladas, como lo demuestra el caracter LF precediendo a las cabeceras ClientCert-Subject y ClientCert-Subject-CN, también conocido como Bug ID CSCta04885.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-04-27 CVE Reserved
- 2010-07-03 CVE Published
- 2024-01-15 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://osvdb.org/66092 | Vdb Entry | |
http://securitytracker.com/id?1024167 | Vdb Entry | |
http://securitytracker.com/id?1024168 | Vdb Entry | |
http://www.securityfocus.com/archive/1/512144/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/41315 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://www.vsecurity.com/resources/advisory/20100702-1 | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Content Services Switch 11500 Search vendor "Cisco" for product "Content Services Switch 11500" | <= 8.20.3.03 Search vendor "Cisco" for product "Content Services Switch 11500" and version " <= 8.20.3.03" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Content Services Switch 11500 Search vendor "Cisco" for product "Content Services Switch 11500" | 8.20.0.01 Search vendor "Cisco" for product "Content Services Switch 11500" and version "8.20.0.01" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Content Services Switch 11500 Search vendor "Cisco" for product "Content Services Switch 11500" | 08.20.1.01 Search vendor "Cisco" for product "Content Services Switch 11500" and version "08.20.1.01" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Content Services Switch 11500 Search vendor "Cisco" for product "Content Services Switch 11500" | 8.20.1.01 Search vendor "Cisco" for product "Content Services Switch 11500" and version "8.20.1.01" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Content Services Switch 11500 Search vendor "Cisco" for product "Content Services Switch 11500" | 8.20.2.01 Search vendor "Cisco" for product "Content Services Switch 11500" and version "8.20.2.01" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ace 4710 Search vendor "Cisco" for product "Ace 4710" | <= a3\(2.5\) Search vendor "Cisco" for product "Ace 4710" and version " <= a3\(2.5\)" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ace 4710 Search vendor "Cisco" for product "Ace 4710" | a1\(2.0\) Search vendor "Cisco" for product "Ace 4710" and version "a1\(2.0\)" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ace 4710 Search vendor "Cisco" for product "Ace 4710" | a1\(8.0\) Search vendor "Cisco" for product "Ace 4710" and version "a1\(8.0\)" | - |
Affected
|