ID
VAR-201006-0002
CVE
CVE-2008-7257
TITLE
Cisco Adaptive Security Appliances Device WebVPN In CRLF Injection vulnerability
Trust: 0.8
DESCRIPTION
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. Firmware versions prior to Cisco ASA 8.1(2) are vulnerable. This issue is being tracked by Cisco Bugid CSCsr09163
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | asa 5580 | scope: | eq | version: | 8.1\(1\) | Trust: 1.6 |
| vendor: | cisco | model: | adaptive security appliance | scope: | lt | version: | 8.1(2) | Trust: 0.8 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.1(1)5 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.1(1)4 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.1(1)2 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.1(1)13 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.1(1)1 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.1 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4.9) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4.28) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)7 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)6 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)5 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)28 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)25 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)24 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)23 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)22 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(3)9 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(3)15 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(3)14 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(3)10 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(3) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(2)17 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | ne | version: | 8.1(2) | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | asarn812 | url: | http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html | Trust: 0.8 |
EXTERNAL IDS
| db: | BID | id: | 41159 | Trust: 2.8 |
| db: | NVD | id: | CVE-2008-7257 | Trust: 2.8 |
| db: | SECTRACK | id: | 1024155 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2010-001701 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201006-457 | Trust: 0.7 |
| db: | BUGTRAQ | id: | 20100624 [SWRX-2010-001] CISCO ASA HTTP RESPONSE SPLITTING VULNERABILITY | Trust: 0.6 |
| db: | NSFOCUS | id: | 15323 | Trust: 0.6 |
| db: | EXPLOIT-DB | id: | 34200 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 91052 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-37382 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/41159 | Trust: 2.5 |
| url: | http://securitytracker.com/id?1024155 | Trust: 2.5 |
| url: | http://www.cisco.com/en/us/docs/security/asa/asa81/release/notes/asarn812.html | Trust: 2.0 |
| url: | http://www.secureworks.com/ctu/advisories/swrx-2010-001 | Trust: 2.0 |
| url: | http://www.securityfocus.com/archive/1/512023/100/0/threaded | Trust: 1.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/59850 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7257 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-7257 | Trust: 0.8 |
| url: | http://www.securityfocus.com/archive/1/archive/1/512023/100/0/threaded | Trust: 0.6 |
| url: | http://www.nsfocus.net/vulndb/15323 | Trust: 0.6 |
CREDITS
Daniel King
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-37382 |
| db: | BID | id: | 41159 |
| db: | JVNDB | id: | JVNDB-2010-001701 |
| db: | CNNVD | id: | CNNVD-201006-457 |
| db: | NVD | id: | CVE-2008-7257 |
LAST UPDATE DATE
2024-11-23T21:47:25.261000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-37382 | date: | 2018-10-11T00:00:00 |
| db: | BID | id: | 41159 | date: | 2010-06-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2010-001701 | date: | 2010-07-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201006-457 | date: | 2010-07-01T00:00:00 |
| db: | NVD | id: | CVE-2008-7257 | date: | 2024-11-21T00:58:40.450 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-37382 | date: | 2010-06-29T00:00:00 |
| db: | BID | id: | 41159 | date: | 2010-06-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2010-001701 | date: | 2010-07-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201006-457 | date: | 2010-06-25T00:00:00 |
| db: | NVD | id: | CVE-2008-7257 | date: | 2010-06-29T18:30:01.410 |