CRLF Injection Vulnerability in Cisco Headend Digital Broadband Delivery System
CVE-2015-0733

Currently unrated

Key Information:

Vendor: Cisco
Status: Headend Digital Broadband Delivery System
Vendor: CVE Published:; 30 May 2015

Summary

The CRLF injection vulnerability in the HTTP Header Handler of Cisco's Digital Broadband Delivery System enables remote attackers to manipulate HTTP headers. This can lead to serious security risks including HTTP response splitting attacks and the potential for cross-site scripting (XSS) attacks through carefully crafted requests. Attackers exploiting this vulnerability can control server responses or inject malicious scripts into web pages viewed by unsuspecting users. Organizations using this system should ensure they apply the necessary patches and safeguard against these types of attacks.

References

http://www.securitytracker.com/id/1032445

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
May 30, 2015
Vulnerability Reserved
Jan 7, 2015