Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCiscoCVELIST:CVE-2017-12309
HistoryNov 16, 2017 - 7:00 a.m.

CVE-2017-12309

2017-11-1607:00:00
CWE-113
cisco
www.cve.org

0.001 Low

EPSS

Percentile

50.5%

JSON

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705.

CNA Affected

[
  {
    "product": "Cisco Email Security Appliance",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Email Security Appliance"
      }
    ]
  }
]

Related

prion 1
cisco 1
cve 1
nvd 1
prion
prion
Cross site scripting
2017-11-16 07:29:00
cisco
cisco
Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability
2017-11-15 16:00:00
cve
cve
CVE-2017-12309
2017-11-16 07:29:00
nvd
nvd
CVE-2017-12309
2017-11-16 07:29:00

0.001 Low

EPSS

Percentile

50.5%

JSON
Related for CVELIST:CVE-2017-12309
prion1cisco1cve1nvd1