#VU9385 HTTP response splitting in Cisco Email Security Appliance
Vulnerability identifier: #VU9385
Vulnerability risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-113
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Email Security Appliance
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote user to perform HTTP response splitting attack.
The weakness exists in the Cisco Email Security Appliance (ESA) due to the failure of the application or its environment to properly sanitize input values. A remote attacker can inject a specially crafted HTTP headers controlling the response body, or splitting the response into multiple responses.
Successful vulnerability may result in cross-site scripting
attacks, cross-user defacement, web cache poisoning, and similar
exploits.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Cisco Email Security Appliance: 10.0.2 020 - 11.0.0 105
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
