Lucene search

PRIOn knowledge basePRION:CVE-2008-7257

HistoryJun 29, 2010 - 6:30 p.m.

Crlf injection

2010-06-2918:30:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.909 High

EPSS

Percentile

98.8%

JSON

CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.

CPENameOperatorVersion
asa_5580eq8.11.0

CPE	Name	Operator	Version
	asa_5580	eq	8.11.0

References

securitytracker.com/id?1024155

www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html

www.securityfocus.com/archive/1/512023/100/0/threaded

www.securityfocus.com/bid/41159

exchange.xforce.ibmcloud.com/vulnerabilities/59850

www.secureworks.com/ctu/advisories/SWRX-2010-001

7.5 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.909 High

EPSS

Percentile

98.8%

JSON

Related for PRION:CVE-2008-7257