HTTP Header Injection Flaw in Cisco AsyncOS on Email Security and Web Appliances
CVE-2015-0624

Currently unrated

Key Information:

Vendor: Cisco
Status: Content Security Management Appliance; Web Security Appliance; Email Security Appliance Firmware
Vendor: CVE Published:; 21 February 2015

Summary

The web framework within Cisco's AsyncOS allows remote attackers to exploit improper handling of crafted HTTP headers, potentially redirecting users under malicious intent. This vulnerability affects multiple product lines including the Email Security Appliance, Content Security Management Appliance, and Web Security Appliance. Attackers can leverage this flaw to redirect traffic, misleading users and exposing them to further security risks. Organizations using these products should apply the necessary mitigations to safeguard against unauthorized access and ensure the integrity of user sessions.

References

http://packetstormsecurity.com/files/130525/Cisco-Ironpor...

x_refsource_MISC

http://www.securitytracker.com/id/1031782

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/72702

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 21, 2015
Vulnerability Reserved
Jan 7, 2015