PT-2012-1824 · Cisco · Ciscoworks Common Services
Published: 2012-05-03 · Updated: 2012-06-09
CVE-2011-4237
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
CiscoWorks Common Services version 4.0
Description
A CRLF injection issue in autologin.jsp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
Recommendations
For CiscoWorks Common Services version 4.0, update to a version that includes the fix for Bug ID CSCtu18693 to prevent CRLF injection attacks.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Ciscoworks Common Services