CVE-2014-2137

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.

Severity	MEDIUM
CVSS	4.3
CWE	CWE-20
KEV
Published	12 years ago
Modified	1 week ago

Related Products

Product	Advisory
Cisco Web Security Appliance (WSA)	Cisco-SA-20140401-CVE-2014-2137
Cisco Secure Web Appliance	Cisco-SA-20140401-CVE-2014-2137