Lucene search

[email protected]CVE-2010-1575

HistoryJul 06, 2010 - 5:17 p.m.

CVE-2010-1575

2010-07-0617:17:00

CWE-264

[email protected]

web.nvd.nist.gov

cisco

content services switch

css 11500

authentication bypass

bug id cscsz04690

nvd

cve-2010-1575

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690.

CPENameOperatorVersion
cisco:content_services_switch_11500cisco content services switch 11500eq08.20.1.01

CPE	Name	Operator	Version
cisco:content_services_switch_11500	cisco content services switch 11500	eq	08.20.1.01

References

osvdb.org/66091

securitytracker.com/id?1024167

www.securityfocus.com/archive/1/512144/100/0/threaded

www.securityfocus.com/bid/41315

www.vsecurity.com/resources/advisory/20100702-1/

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for CVE-2010-1575

cisco1 prion1 securityvulns2 packetstorm1