CRLF Injection Vulnerability in CiscoWorks Common Services by Cisco
CVE-2011-4237
Currently unrated
Summary
CiscoWorks Common Services 4.0 contains a CRLF (carriage return, line feed) injection flaw in the autologin.jsp page that remote attackers can exploit. By manipulating the URL parameters, attackers can inject arbitrary HTTP headers, which may lead to HTTP response splitting attacks. This lets them interfere with the web application's responses and could enable session hijacking or cross-site scripting attacks. Users of affected Cisco products should apply the necessary patches and ensure proper security measures are in place.
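As an added illustration (not Cisco's code and not part of the original advisory), the Python sketch below flags access-log requests to autologin.jsp whose URL parameters carry CR/LF, including double-encoded forms, and shows the server-side guard that keeps such a value out of a response header. The log lines, the path prefix and the parameter name `next` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines; hosts, path prefix and the "next"
# parameter name are assumptions, not taken from the advisory.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2012:10:00:00 +0000] "GET /autologin.jsp?next=/home HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2012:10:00:07 +0000] "GET /autologin.jsp?next=/home%0d%0aX-Test:%201 HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2012:10:00:09 +0000] "GET /autologin.jsp?next=/home%250D%250AX-Test:%201 HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2012:10:00:11 +0000] "GET /index.jsp?q=a%0d%0ab HTTP/1.1" 200 128',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def contains_crlf(value, max_rounds=3):
    """True if value holds CR or LF, raw or under up to max_rounds of percent-encoding."""
    for _ in range(max_rounds + 1):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:      # nothing left to decode
            return False
        value = decoded
    return False

def flag_requests(lines, page="autologin.jsp"):
    """Return (line_index, parameter_name) for requests to `page` carrying CR/LF."""
    hits = []
    for i, line in enumerate(lines):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not target.path.endswith("/" + page):
            continue
        # Split the query by hand so values stay raw and decoding is under our control.
        for pair in target.query.split("&"):
            name, _, raw = pair.partition("=")
            if contains_crlf(raw):
                hits.append((i, name))
    return hits

def safe_header_value(value):
    """Server-side guard: refuse to place request data containing CR/LF in a header."""
    if contains_crlf(value, max_rounds=0):
        raise ValueError("CR/LF in header value")
    return value
```

The guard checks the already-decoded value the application is about to write, while the log scan decodes repeatedly because intermediaries may strip one layer of encoding before the request reaches the page.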