Cisco Web Security Appliance HTTP头重定向漏洞

CVE ID:CVE-2014-2137 Cisco Web Security Appliance是安全的Web网关，在一个平台上集成了恶意软件防护、应用可视化控制、策略控制等。Cisco IronPort AsyncOS是电子邮件安全设备。 某些关于HTTP头的输入在用来重定向用户之前没有正确验证。这可以被利用来将用户重定向到任意网站。 0 Cisco Web Security Appliance 7.x Cisco Web Security Appliance 8.x 目前没有详细解决方案：...

CVE-2014-2137

Cisco Web Security Appliance (WSA) 7.x and 8.x are affected by a CRLF injection vulnerability in the web framework. The root cause is insufficient validation of input used as HTTP header values, allowing remote attackers to inject arbitrary headers and perform redirection attacks via crafted URLs...

CVE-2014-2137

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance WSA 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002...