CRLF Injection Vulnerability in Cisco Web Security Appliance
CVE-2014-2137

Currently unrated

Key Information:

Vendor
Cisco
Status
Web Security Appliance
Web Security Virtual Appliance
Vendor
CVE Published:
2 April 2014

Summary

A CRLF injection vulnerability exists in the web framework of the Cisco Web Security Appliance (WSA) 7.7 and earlier. This flaw allows remote attackers to inject arbitrary HTTP headers through specially crafted URLs. Successful exploitation could aid attackers in conducting various redirection attacks, potentially leading to further exploitation or unauthorized access. Users of affected WSA versions should prioritize remediation efforts to mitigate potential risks associated with this vulnerability.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...
x_refsource_CONFIRM
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.