var-201007-0201
Vulnerability from variot
The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert- headers but does not delete client-supplied ClientCert- headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690. When using CSS to terminate SSL communication, you must first authenticate the SSL client certificate. The CSS usually passes the identity of the client to the backend web server in the form of the following HTTP header: ClientCert-Subject: XXXClientCert-Subject-CN: XXXClientCert-Fingerprint: XXXClientCert-Subject-CN: XXXClientCert-Issuer-CN: XXXClientCert-Certificate-Version : XXXClientCert-Serial-Number: XXXClientCert-Data-Signature-Algorithm: XXXClientCert-Subject: XXXClientCert-Issuer: XXXClientCert-Not-Before: XXXClientCert-Not-After: XXXClientCert-Public-Key-Algorithm: XXXClientCert-RSA-Modulus-Size : XXXClientCert-RSA-Modulus: XXXClientCert-RSA-Exponent: XXXClientCert-X509v3-Subject-Key-Identifier: XXXClientCert-X509v3-Authority-Key-Identifier: XXXClientCert-Signature-Algorithm: XXXClientCert-Signature: XXX but CSS does not protect against the client Provides its own ClientCert-* header, so an attacker can act as a fake user for other users, depending on how the application developer handles multiple header copies. An attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible. These issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201007-0201",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "08.20.1.01"
},
{
"model": "css 11500 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "css11500 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ace appliance a3",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4750"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1236"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-034"
},
{
"db": "NVD",
"id": "CVE-2010-1575"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:css_11500",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001728"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "George D. Gal\u203b ggal@vsecurity.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201007-034"
}
],
"trust": 0.6
},
"cve": "CVE-2010-1575",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2010-1575",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-44180",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-1575",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-1575",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201007-034",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-44180",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44180"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-034"
},
{
"db": "NVD",
"id": "CVE-2010-1575"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690. When using CSS to terminate SSL communication, you must first authenticate the SSL client certificate. The CSS usually passes the identity of the client to the backend web server in the form of the following HTTP header: ClientCert-Subject: XXXClientCert-Subject-CN: XXXClientCert-Fingerprint: XXXClientCert-Subject-CN: XXXClientCert-Issuer-CN: XXXClientCert-Certificate-Version : XXXClientCert-Serial-Number: XXXClientCert-Data-Signature-Algorithm: XXXClientCert-Subject: XXXClientCert-Issuer: XXXClientCert-Not-Before: XXXClientCert-Not-After: XXXClientCert-Public-Key-Algorithm: XXXClientCert-RSA-Modulus-Size : XXXClientCert-RSA-Modulus: XXXClientCert-RSA-Exponent: XXXClientCert-X509v3-Subject-Key-Identifier: XXXClientCert-X509v3-Authority-Key-Identifier: XXXClientCert-Signature-Algorithm: XXXClientCert-Signature: XXX but CSS does not protect against the client Provides its own ClientCert-* header, so an attacker can act as a fake user for other users, depending on how the application developer handles multiple header copies. \nAn attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible. \nThese issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1575"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001728"
},
{
"db": "CNVD",
"id": "CNVD-2010-1236"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "VULHUB",
"id": "VHN-44180"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-44180",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44180"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-1575",
"trust": 3.4
},
{
"db": "BID",
"id": "41315",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1024167",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "66091",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001728",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201007-034",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-1236",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "15368",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20100702 VSR ADVISORY: MULTIPLE CISCO CSS / ACE CLIENT CERTIFICATE AND HTTP HEADER MANIPULATION VULNERABILITIES",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "91436",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-44180",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1236"
},
{
"db": "VULHUB",
"id": "VHN-44180"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-034"
},
{
"db": "NVD",
"id": "CVE-2010-1575"
}
]
},
"id": "VAR-201007-0201",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1236"
},
{
"db": "VULHUB",
"id": "VHN-44180"
}
],
"trust": 1.28653843
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1236"
}
]
},
"last_update_date": "2024-11-23T21:47:23.323000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "20807",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20807"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001728"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44180"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001728"
},
{
"db": "NVD",
"id": "CVE-2010-1575"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/41315"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1024167"
},
{
"trust": 2.0,
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"trust": 1.9,
"url": "http://osvdb.org/66091"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1575"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1575"
},
{
"trust": 0.6,
"url": "http://marc.info/?l=bugtraq\u0026m=127808444302943\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/512144/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/15368"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "/archive/1/512144"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1236"
},
{
"db": "VULHUB",
"id": "VHN-44180"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-034"
},
{
"db": "NVD",
"id": "CVE-2010-1575"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1236"
},
{
"db": "VULHUB",
"id": "VHN-44180"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001728"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-034"
},
{
"db": "NVD",
"id": "CVE-2010-1575"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1236"
},
{
"date": "2010-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-44180"
},
{
"date": "2010-07-02T00:00:00",
"db": "BID",
"id": "41315"
},
{
"date": "2010-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001728"
},
{
"date": "2010-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201007-034"
},
{
"date": "2010-07-06T17:17:13.203000",
"db": "NVD",
"id": "CVE-2010-1575"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1236"
},
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-44180"
},
{
"date": "2015-04-13T21:05:00",
"db": "BID",
"id": "41315"
},
{
"date": "2010-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001728"
},
{
"date": "2010-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201007-034"
},
{
"date": "2024-11-21T01:14:43.277000",
"db": "NVD",
"id": "CVE-2010-1575"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201007-034"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Content Services Switch Vulnerabilities that bypass authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001728"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201007-034"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…