CVE-2010-1575

The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690.

Severity	HIGH
CVSS	7.5
CWE	CWE-264
KEV
Published	15 years ago
Modified	2 weeks ago

Related Products

Product	Advisory
Cisco RV Series Routers	Cisco-SA-20100702-CVE-2010-1575
Cisco Nexus Dashboard	Cisco-SA-20100702-CVE-2010-1575
Cisco MATE Collector, Design, Live	Cisco-SA-20100702-CVE-2010-1575
Cisco Application Centric Infrastructure Virtual Edge	Cisco-SA-20100702-CVE-2010-1575
Cisco SSL Services Module	Cisco-SA-20100702-CVE-2010-1575
Cisco Content Services Switch (CSS)	Cisco-SA-20100702-CVE-2010-1575