CVE-2010-1575

Name of the Vulnerable Software and Affected Versions Cisco Content Services Switch (CSS) 11500 version 08.20.1.01

Description The issue concerns the handling of authentication data through ClientCert-* headers. Specifically, the software does not delete client-supplied ClientCert-* headers, which could allow remote attackers to bypass authentication by crafting header data. For example, an attacker might use a ClientCert-Subject-CN header to exploit this issue.

Recommendations For Cisco Content Services Switch (CSS) 11500 version 08.20.1.01, consider restricting access to the authentication mechanism that relies on ClientCert-* headers until a patch is available. As a temporary workaround, avoid using client-supplied ClientCert-* headers in the authentication process to minimize the risk of exploitation.