CRLF Injection Vulnerability in Cisco Adaptive Security Appliances WebVPN
CVE-2008-7257
Currently unrated
Summary
A CRLF injection vulnerability in the WebVPN component of Cisco Adaptive Security Appliances (ASA) 5580 series devices lets remote attackers inject arbitrary HTTP headers. The flaw is exploited through crafted URIs containing CRLF sequences, which leads to HTTP response splitting. Attackers can then manipulate the server's responses, potentially redirecting users and exposing sensitive data. The vulnerability affects devices running software versions earlier than 8.1(2), which need prompt attention.
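For defenders reviewing web or proxy logs in front of an affected device, the following added example (not from Cisco or from this record) flags request URIs that decode to a carriage return or line feed, including double-encoded forms. The log format, paths, addresses and function names are constructed assumptions for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-log-format entry: "METHOD URI HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap %250d%250a style nesting


def crlf_depth(uri: str) -> int:
    """Return the decoding round (1-based) at which CR or LF appears, else 0."""
    current = uri
    for depth in range(1, MAX_DECODE_ROUNDS + 1):
        decoded = unquote(current)
        if "\r" in decoded or "\n" in decoded:
            return depth
        if decoded == current:  # fully decoded, nothing left to unwrap
            return 0
        current = decoded
    return 0


def scan_log(lines):
    """Return (line_number, uri, depth) for every request whose URI hides CR/LF."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request entry; skip rather than guess
        depth = crlf_depth(match.group("uri"))
        if depth:
            hits.append((number, match.group("uri"), depth))
    return hits


# Constructed sample entries (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html?lang=en HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.html?lang=en%0d%0aX-Injected:%201 HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html?lang=en%250D%250AX-Injected:%201 HTTP/1.1" 302 0',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /search?q=100%25 HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, uri, depth in scan_log(SAMPLE_LOG):
        print(f"line {number}: CR/LF after {depth} decode round(s): {uri}")
```

A depth greater than 1 means the sequence was nested inside extra percent-encoding, which is worth triaging separately because ordinary clients rarely produce it.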
EPSS Score
20% chance of being exploited in the next 30 days.