36 matches found
EUVD-2010-1603
Malware in sbrugna...
EUVD-2010-1602
Malware in sbrugna...
EUVD-2015-0680
Malware in sbrugna...
EUVD-2010-2633
Malware in sbrugna...
Cisco Content Services Switch Security Restriction Bypass Vulnerability
The Cisco CSS 11500 Content Services Switch is a load balancing device used to provide robust and measurable network services Layer 4-7 to data centers. The Cisco CSS 11500 device version 8.20.4.02 and earlier, has a security vulnerability in the management interface, which can be exploited by a...
CVE-2015-0667
The Management Interface on Cisco Content Services Switch CSS 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855...
Design/Logic Flaw
The Management Interface on Cisco Content Services Switch CSS 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855...
CVE-2015-0667
The Management Interface on Cisco Content Services Switch CSS 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855...
CVE-2015-0667
The CVE-2015-0667 issue affects Cisco Content Services Switch (CSS) 11500 devices running 8.20.4.02 and earlier, where the Management Interface allows bypassing restrictions on local-network device access via crafted SSH packets. Root cause: improper handling of SSH packets on the Management Inte...
Cisco Content Services Switch (11500) Unauthenticated Port Forwarding Vulnerability
A vulnerability in the Management Interface of the Cisco Content Services Switch 11500 could allow an unauthenticated, remote attacker to gain unauthorized access to other devices on the network. The vulnerability is due to improper handling of SSH packets. An attacker could exploit this...
VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities
Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities Release Date: 2010-07-02 Application:...
CVE-2010-1576
The Cisco Content Services Switch CSS 11500 with software before 8.20.4.02 and the Application Control Engine ACE 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...
CVE-2010-1575
The Cisco Content Services Switch CSS 11500 with software 08.20.1.01 conveys authentication data through ClientCert- headers but does not delete client-supplied ClientCert- headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a...
CVE-2010-2629
The Cisco Content Services Switch CSS 11500 with software 8.20.4.02 and the Application Control Engine ACE 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...
Authentication flaw
The Cisco Content Services Switch CSS 11500 with software 08.20.1.01 conveys authentication data through ClientCert- headers but does not delete client-supplied ClientCert- headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a...
Crlf injection
The Cisco Content Services Switch CSS 11500 with software before 8.20.4.02 and the Application Control Engine ACE 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...
Design/Logic Flaw
The Cisco Content Services Switch CSS 11500 with software 8.20.4.02 and the Application Control Engine ACE 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...
CVE-2010-2629
The Cisco Content Services Switch CSS 11500 with software 8.20.4.02 and the Application Control Engine ACE 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...
CVE-2010-1576
Mode C Vulnerability: CVE-2010-1576 affects Cisco CSS 11500 (pre-8.20.4.02) and Cisco ACE 4710 (pre-A2(3.0)); the issue is improper handling of HTTP header end-of-line sequences (LF, CR, LFCR vs CRLF), enabling header insertion bypass and HTTP request smuggling via crafted headers (e.g., ClientCe...
CVE-2010-1575
CVE-2010-1575 affects Cisco CSS 11500 (software 08.20.1.01) and Cisco ACE; root cause is weak enforcement of HTTP ClientCert-* headers during SSL termination, leaving room for an attacker to spoof client certificates and impersonate other users. Impact, as described, is potential authentication b...