var-201007-0238
Vulnerability from variot
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. This vulnerability CVE-2010-1576 Due to an incomplete fix.Through a specially crafted header data by a third party, HTTP A request smuggling attack may be performed and intended header insertion may be avoided. The Cisco CSS 11500 Content Services Switch is a load balancing device that provides robust and scalable network services (layers 4-7) for the data center. An attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible. These issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201007-0238",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ace 4710",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "a1\\(2.0\\)"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.20.1.01"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "08.20.1.01"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.20.2.01"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.20.0.01"
},
{
"model": "ace 4710",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "a1\\(8.0\\)"
},
{
"model": "ace 4710",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "a3\\(2.5\\)"
},
{
"model": "content services switch 11500",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.20.3.03"
},
{
"model": "css11500 content services switch",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ace 4710",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "software a2(3.0)"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "software 8.20.4.02"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.20.3.03"
},
{
"model": "ace 4710",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "a3\\(2.5\\)"
},
{
"model": "ace appliance a3",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4750"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:ace_4710",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:content_services_switch_11500",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "George D. Gal\u203b ggal@vsecurity.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
],
"trust": 0.6
},
"cve": "CVE-2010-2629",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2629",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2010-3981",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-45234",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2629",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-2629",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2010-3981",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201007-047",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-45234",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "VULHUB",
"id": "VHN-45234"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. This vulnerability CVE-2010-1576 Due to an incomplete fix.Through a specially crafted header data by a third party, HTTP A request smuggling attack may be performed and intended header insertion may be avoided. The Cisco CSS 11500 Content Services Switch is a load balancing device that provides robust and scalable network services (layers 4-7) for the data center. \nAn attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible. \nThese issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2629"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "VULHUB",
"id": "VHN-45234"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2629",
"trust": 3.4
},
{
"db": "BID",
"id": "41315",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1024167",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1024168",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-3981",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20100702 VSR ADVISORY: MULTIPLE CISCO CSS / ACE CLIENT CERTIFICATE AND HTTP HEADER MANIPULATION VULNERABILITIES",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "15368",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-45234",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "VULHUB",
"id": "VHN-45234"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
}
]
},
"id": "VAR-201007-0238",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "VULHUB",
"id": "VHN-45234"
}
],
"trust": 1.28653843
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
}
]
},
"last_update_date": "2024-11-23T21:47:23.360000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-45234"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/41315"
},
{
"trust": 2.0,
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1024167"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1024168"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2629"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2629"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/512144/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/15368"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "/archive/1/512144"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "VULHUB",
"id": "VHN-45234"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "VULHUB",
"id": "VHN-45234"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"date": "2010-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-45234"
},
{
"date": "2010-07-02T00:00:00",
"db": "BID",
"id": "41315"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"date": "2010-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201007-047"
},
{
"date": "2010-07-06T17:17:13.517000",
"db": "NVD",
"id": "CVE-2010-2629"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-45234"
},
{
"date": "2015-04-13T21:05:00",
"db": "BID",
"id": "41315"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"date": "2010-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201007-047"
},
{
"date": "2024-11-21T01:17:02.510000",
"db": "NVD",
"id": "CVE-2010-2629"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco CSS 11500 and ACE 4710 Vulnerabilities in which intended header insertion could be bypassed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…