HTTP Request Smuggling Vulnerability in Cisco Content Services Switch and Application Control Engine
CVE-2010-2629

Currently unrated

Key Information:

Vendor: Cisco
Status: Content Services Switch 11500
Vendor: CVE Published:; 6 July 2010

Summary

This vulnerability affects the Cisco Content Services Switch (CSS) 11500 and Application Control Engine (ACE) 4710, where improper handling of Line Feed (LF) header terminators can allow for HTTP request smuggling attacks. Attackers can exploit this flaw by crafting specific header data, potentially bypassing intended header insertions. This flaw stems from an incomplete fix for a previously reported issue, leading to security risks for users relying on these network devices.

References

http://www.securityfocus.com/archive/1/512144/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securitytracker.com/id?1024167

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/41315

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 6, 2010
Vulnerability Reserved
Jul 6, 2010