EUVD-2005-3425

Malware in sbrugna...

CVE-2010-2629

The Cisco Content Services Switch CSS 11500 with software 8.20.4.02 and the Application Control Engine ACE 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...

CVE-2010-1575

CVE-2010-1575 affects Cisco CSS 11500 (software 08.20.1.01) and Cisco ACE; root cause is weak enforcement of HTTP ClientCert-* headers during SSL termination, leaving room for an attacker to spoof client certificates and impersonate other users. Impact, as described, is potential authentication b...

CVE-2010-1576

Mode C Vulnerability: CVE-2010-1576 affects Cisco CSS 11500 (pre-8.20.4.02) and Cisco ACE 4710 (pre-A2(3.0)); the issue is improper handling of HTTP header end-of-line sequences (LF, CR, LFCR vs CRLF), enabling header insertion bypass and HTTP request smuggling via crafted headers (e.g., ClientCe...

CVE-2010-1575

The Cisco Content Services Switch CSS 11500 with software 08.20.1.01 conveys authentication data through ClientCert- headers but does not delete client-supplied ClientCert- headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a...

CVE-2010-2629

CVE-2010-2629 and CVE-2010-1576 describe HTTP header handling flaws in Cisco CSS 11500 and ACE 4710, enabling HTTP request smuggling via LF/CRLF header terminators and potential header spoofing of ClientCert-* fields when GET lines are CRLF-terminated and mixed newline sequences occur. The issue ...

Design/Logic Flaw

Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service device reload via 1 "valid, but obsolete" or 2 "specially crafted" HTTP requests...

CVE-2006-1631

Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service device reload via 1 "valid, but obsolete" or 2 "specially crafted" HTTP requests...

CVE-2006-1631

Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service device reload via 1 "valid, but obsolete" or 2 "specially crafted" HTTP requests...

CVE-2006-1631

The CVE-2006-1631 entry refers to a vulnerability in Cisco 11500 Series Content Services switches where the HTTP compression feature can be abused to trigger a denial-of-service (device reload) by sending certain HTTP requests (either valid but obsolete or specially crafted). Exploitation details...

CVE-2005-3426

Cisco CSS 11500 Content Services Switch CSS with SSL termination services allows remote attackers to cause a denial of service memory corruption and device reload via a malformed client certificate during SSL session negotiation...

CVE-2005-3426

Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services is affected by CVE-2005-3426. The vulnerability allows remote attackers to trigger a denial of service via memory corruption during SSL session negotiation when a malformed client certificate is presented. The entry notes...

CVE-2005-3426

Cisco CSS 11500 Content Services Switch CSS with SSL termination services allows remote attackers to cause a denial of service memory corruption and device reload via a malformed client certificate during SSL session negotiation...