PT-2010-4158 · Cisco · Cisco Content Services Switch (CSS) 11500+1

Published 2010-07-06 · Updated 2018-10-10 · CVE-2010-2629

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Cisco Content Services Switch (CSS) 11500 version 8.20.4.02
Cisco Application Control Engine (ACE) 4710 version A2(3.0)
Description
The issue arises from improper handling of LF header terminators when the GET line is terminated by CRLF. Because the device and the server behind it can read such a request differently, remote attackers can conduct HTTP request smuggling attacks and bypass the header insertions the device is meant to perform, using crafted header data such as an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers.
Recommendations
For Cisco Content Services Switch (CSS) 11500 version 8.20.4.02, update the software to a version that properly handles LF header terminators. For Cisco Application Control Engine (ACE) 4710 version A2(3.0), update the software to a version that correctly processes header data and so prevents HTTP request smuggling attacks. As a temporary workaround until a patch is available, consider restricting the ability of untrusted clients to deliver crafted header data to the device.
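The following front-end check is an added illustration of the mitigation, not Cisco's code or anything from the advisory: it refuses any request whose request line or header block contains a bare LF (or CR) terminator, so the front end and the back end can never disagree about where one header ends and the next begins, and it drops client-supplied copies of the ClientCert-Subject and ClientCert-Subject-CN headers before the balancer appends its own values. The BALANCER_ONLY policy, the function names and the sample requests in the comments are assumptions made for the example.

```python
import re
from typing import List, Tuple

# Header names the advisory says the device inserts. Treating them as
# balancer-only (any client-supplied copy is dropped) is an assumed policy
# for this example, not documented Cisco behaviour.
BALANCER_ONLY = {"clientcert-subject", "clientcert-subject-cn"}
TOKEN = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")  # RFC 7230 field-name


class MalformedRequest(ValueError):
    """Raised when the request must be refused rather than forwarded."""


def parse_strict(raw: bytes) -> Tuple[bytes, List[Tuple[str, str]], bytes]:
    """Split a raw request into (request line, headers, body), CRLF only.
    A bare LF or CR in the request line or header block is refused: that is
    the terminator the front end and back end may read differently."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise MalformedRequest("header block not terminated by CRLF CRLF")
    leftover = head.replace(b"\r\n", b"")  # anything left is a bare CR/LF
    if b"\n" in leftover or b"\r" in leftover:
        raise MalformedRequest("bare CR or LF inside request line or headers")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.match(name):
            raise MalformedRequest("invalid header line: %r" % line)
        headers.append((name.decode("ascii"), value.strip().decode("latin-1")))
    return lines[0], headers, body


def accepts(raw: bytes) -> bool:
    """True if parse_strict would let this request through."""
    try:
        parse_strict(raw)
        return True
    except MalformedRequest:
        return False


def front_end_rewrite(raw: bytes, cert_subject: str, cert_cn: str) -> bytes:
    """Validate, drop client copies of balancer-only headers, append ours."""
    request_line, headers, body = parse_strict(raw)
    kept = [(n, v) for n, v in headers if n.lower() not in BALANCER_ONLY]
    if any("\r" in v or "\n" in v for v in (cert_subject, cert_cn)):
        raise MalformedRequest("CR or LF in inserted header value")  # no split
    kept += [("ClientCert-Subject", cert_subject), ("ClientCert-Subject-CN", cert_cn)]
    head = b"".join(f"{n}: {v}\r\n".encode("latin-1") for n, v in kept)
    return request_line + b"\r\n" + head + b"\r\n" + body
```

A request mixing CRLF on the GET line with a bare LF between headers is rejected outright, while a clean request leaves with exactly one ClientCert-Subject and one ClientCert-Subject-CN header, both set by the balancer.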

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2010-2629

Affected Products

Cisco Application Control Engine (ACE) 4710
Cisco Content Services Switch (CSS) 11500