CVE-2014-2137

Currently unrated

Key Information:

Vendor
Cisco
Status
Web Security Appliance
Web Security Virtual Appliance
Vendor
CVE Published:
2 April 2014

Summary

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...
x_refsource_CONFIRM
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.