Cisco Content Services Switch (CSS) and Application Control Engine (ACE) Vulnerability
CVE-2010-1576
Currently unrated
Summary
The Cisco Content Services Switch (CSS) 11500 and Application Control Engine (ACE) 4710 are susceptible to a vulnerability arising from improper handling of line feed (LF), carriage return (CR), and CRLF sequences in HTTP headers. This flaw permits remote attackers to manipulate header data, potentially resulting in HTTP request smuggling attacks. Specific header fields, such as ClientCert-Subject and ClientCert-Subject-CN, can be exploited when LF characters are used, leading to unintended outcomes in the handling of requests. Organizations using these affected products should assess their exposure and take necessary precautions.
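A backend-side check for the line-terminator mismatch described in the summary, as an added example that is not from the advisory or from Cisco: it flags header blocks containing a bare CR or LF and reports any ClientCert-* header that only a lenient parser would see. The function names, the sample header blocks and the prefix match on `ClientCert-` are assumptions made for illustration.

```python
import re

# Header-name prefix taken from the fields the summary names; matching on the
# prefix (rather than an exact list) is an assumption of this example.
SENSITIVE_PREFIX = "clientcert-"

# Constructed sample header blocks (not captured traffic).
CLEAN = b"Host: app.example\r\nAccept: */*\r\n\r\n"
MIXED = b"Host: app.example\r\nX-Note: a\nClientCert-Subject-CN: constructed-value\r\n\r\n"


def parse_headers(block: bytes, lenient: bool) -> dict:
    """Parse a raw header block into {lowercased name: [values]}.

    lenient=False treats only CRLF as a line terminator.
    lenient=True also accepts a bare LF or bare CR, as tolerant parsers do.
    """
    sep = rb"\r\n|\r|\n" if lenient else rb"\r\n"
    headers = {}
    for line in re.split(sep, block):
        if not line:
            continue
        name, _, value = line.partition(b":")
        key = name.strip().lower().decode("latin-1")
        headers.setdefault(key, []).append(value.strip().decode("latin-1"))
    return headers


def audit(block: bytes) -> list:
    """Return findings; an empty list means both parsers agree on the block."""
    findings = []
    # A CR not followed by LF, or an LF not preceded by CR.
    if re.search(rb"\r(?!\n)|(?<!\r)\n", block):
        findings.append("bare CR or LF in header block")
    strict = parse_headers(block, lenient=False)
    lenient = parse_headers(block, lenient=True)
    for name in sorted(set(lenient) - set(strict)):
        if name.startswith(SENSITIVE_PREFIX):
            findings.append(f"{name} is seen only by a lenient parser")
    return findings


if __name__ == "__main__":
    for label, block in (("clean", CLEAN), ("mixed", MIXED)):
        print(label, audit(block) or "ok")
```

A request that produces any finding can be rejected before the application reads client-certificate headers.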