Lucene search

[email protected]CVE-2011-3285

HistoryMay 02, 2012 - 10:09 a.m.

CVE-2011-3285

2012-05-0210:09:00

CWE-94

CWE-20

[email protected]

web.nvd.nist.gov

cwe-22

cisco asa

cve-2011-3285

crlf injection

http response splitting

security vulnerability

7.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.5%

JSON

CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101.

CPENameOperatorVersion
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.0
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.0\(2\)
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.0\(3\)
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.0\(4\)
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.0\(5\)
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.0.2
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.0.3
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.0.4
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.0.5
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.1

CPE	Name	Operator	Version
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.0
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.0\(2\)
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.0\(3\)
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.0\(4\)
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.0\(5\)
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.0.2
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.0.3
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.0.4
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.0.5
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.1

Rows per page:

1-10 of 311

References

www.cisco.com/web/software/280775065/37740/ASA-805-Interim-Release-Notes.html

www.securitytracker.com/id?1027008

exchange.xforce.ibmcloud.com/vulnerabilities/75343

7.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.5%

JSON

Related for CVE-2011-3285

prion1 cvelist1