PT-2020-1438 · Cisco · Cisco Content Security Management Appliance, Cisco Web Security Appliance

Published 2020-01-22 · Updated 2020-10-01 · CVE-2020-3117

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) (affected versions not specified)

Description

The issue is related to insufficient validation of user input in the API Framework, allowing an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. This could be exploited by persuading a user to access a crafted URL, resulting in the attacker being able to inject arbitrary HTTP headers into valid HTTP responses sent to a user's browser. The vulnerability is also associated with the failure to handle CRLF sequences in HTTP headers.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
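
The flaw class in the description (user input copied into a response header without handling CRLF) and the check that closes it, shown as an added example that is not Cisco's code and is not taken from the advisory. The function names, the `Content-Language` header and the sample parameter value are assumptions constructed for the demonstration.

```python
import re

# Characters that must never appear in a header name or value: CR, LF and NUL.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


class HeaderInjectionError(ValueError):
    """Raised when a header name or value contains a line terminator."""


def build_response_unsafe(status, headers, body=""):
    """'Before' form: copies header values into the response unchecked."""
    lines = [f"HTTP/1.1 {status}"]
    lines += [f"{name}: {value}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n" + body


def build_response_safe(status, headers, body=""):
    """Hardened form: refuses any header containing CR, LF or NUL."""
    for name, value in headers:
        if _FORBIDDEN.search(name) or _FORBIDDEN.search(value):
            raise HeaderInjectionError(f"line terminator in header {name!r}")
    return build_response_unsafe(status, headers, body)


def header_names(raw_response):
    """Header names as a client would parse them from the raw response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed sample: a request parameter value after URL decoding
# (%0d%0a in the URL becomes CR LF here). "X-Injected" is a harmless marker.
SAMPLE_PARAM = "en\r\nX-Injected: 1"


def demo():
    """Return (headers the client sees from the unsafe builder, safe builder rejected?)."""
    headers = [("Content-Language", SAMPLE_PARAM)]
    unsafe = header_names(build_response_unsafe("200 OK", headers))
    try:
        build_response_safe("200 OK", headers)
        rejected = False
    except HeaderInjectionError:
        rejected = True
    return unsafe, rejected


if __name__ == "__main__":
    print(demo())
```

The same rejection rule is useful as a regression test for any code path that reflects request data into response headers, and as a detection pattern for `%0d%0a` in request URLs in proxy or web server logs.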

Weakness Enumeration

Related Identifiers

BDU:2020-00416
CVE-2020-3117

Affected Products

Cisco Content Security Management Appliance
Cisco Web Security Appliance