108 matches found
CVE-2016-6412
The CVE-2016-6412 entry describes a vulnerability in Cisco IOS/IOS XE’s Application-hosting Framework (CAF) when the IOx feature set is enabled. The issue arises from insufficient input validation in CAF, allowing a remote attacker to induce a CAF user to download an attacker-controlled file by s...
CVE-2016-6410
CVE-2016-6410 relates to Cisco IOS/IOS XE CAF with the IOx feature enabled, where an authenticated remote attacker could read arbitrary files via unspecified vectors. The root cause is cited as insufficient input validation in CAF. Cisco has released software updates addressing this vulnerability...
Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability
Cisco IOS and IOS XE Software are operating systems developed by Cisco in the United States for its network devices. An unauthorized file access vulnerability exists in the Application-Hosting Framework component of Cisco IOS and IOS XE Software. When the Iox feature setting is enabled, a remote...
Cisco IOS and IOS XE Software Application-Hosting Framework HTTP Header Injection Vulnerability
Cisco IOS and IOS XE Software are operating systems developed by Cisco in the United States for its network devices. An HTTP header injection vulnerability exists in the Application-Hosting Framework component in Cisco IOS version 15.61T1 and IOS XE Software. When the Iox feature setting is...
Cisco IOS Software Cisco Application-Hosting Framework HTTP Header Injection Vulnerability (cisco-sa-20160921-caf1)
A vulnerability in the Cisco Application-hosting Framework CAF component for Cisco IOS Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a CAF user to download a file controlled by the attacker. SPDX-FileCopyrightText: 2016 Greenbone AG Some text...
Cisco Application-Hosting Framework HTTP Header Injection Vulnerability
A vulnerability in the Cisco Application-hosting Framework CAF component for Cisco IOS and IOS XE Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a CAF user to download a file controlled by the attacker. The vulnerability is due to insufficient input...
Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability
A vulnerability in the Cisco application-hosting framework CAF for Cisco IOS and IOS XE Software with the IOx feature set could allow an authenticated, remote attacker to read arbitrary files on a targeted system. The vulnerability is due to insufficient input validation by the affected framework...
CGI Generic XSS (persistent, 3rd Pass)
The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings containing malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the...