CVE

Id
37374  
CVE No.
CVE-2008-7257  
Status
Candidate  
Description
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.  
Phase
Assigned (20100622)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
405273 37374 CVE-2008-7257 BUGTRAQ:20100624 [SWRX-2010-001] Cisco ASA HTTP Response Splitting Vulnerability  View
405274 37374 CVE-2008-7257 URL:http://www.securityfocus.com/archive/1/archive/1/512023/100/0/threaded  View
405275 37374 CVE-2008-7257 MISC:http://www.secureworks.com/ctu/advisories/SWRX-2010-001  View
405276 37374 CVE-2008-7257 CONFIRM:http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html  View
405277 37374 CVE-2008-7257 BID:41159  View
405278 37374 CVE-2008-7257 URL:http://www.securityfocus.com/bid/41159  View
405279 37374 CVE-2008-7257 SECTRACK:1024155  View
405280 37374 CVE-2008-7257 URL:http://securitytracker.com/id?1024155  View
405281 37374 CVE-2008-7257 XF:cisco-asa-interface-response-splitting(59850)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
37110 JVNDB-2010-002895 IBM FileNet P8AE の Workplace コンポーネントにおける重要な情報を取得される脆弱性 IBM FileNet P8 Application Engine (P8AE) の Workplace コンポーネントは、log4j.xml 内にユーザ資格情報を含む DEBUG メッセージを記録するため、重要な情報を取得される脆弱性が存在します。 CVE-2008-7261 37374 2.1 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002895.html  View