Vulnslist

find the latest Cisco vulnerabilities

Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability

cisco-sa-20171115-esa · Medium · Published · Updated

A vulnerability in the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) software could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-12309
Cisco Bug IDsCSCvf16705, CSCvj76180
CVSS ScoreBase 5.3
Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), Cisco Secure Email, Cisco Secure Email and Web Manager

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2017-12309 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2017-12309 Cisco OpenVuln
Cisco Secure Email and Web Manager CVE-2017-12309 Cisco OpenVuln
Cisco Secure Email CVE-2017-12309 Cisco OpenVuln
Cisco Email Security Appliance (ESA) CVE-2017-12309 Cisco OpenVuln
Cisco Content Security Management Appliance (SMA) CVE-2017-12309 Cisco OpenVuln