Details of VAR-201007-0202

ID

VAR-201007-0202

CVE

CVE-2010-1576

TITLE

Cisco Content Services Switch In HTTP Request Smuggling Attack vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-001729

DESCRIPTION

The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885. The problem is Bug ID : CSCta04885 It is a problem.Avoid inserting headers by a third party through crafted header data, or HTTP Request Smuggling An attack may be triggered. The Cisco CSS 11500 Content Services Switch is a load balancing device that provides robust and scalable network services (layers 4-7) for the data center. CSS differs from the way a common web server interprets HTTP line breaks. RFC 2616 defines a US ASCII carriage return/line feed (CRLF) sequence as a line termination flag for protocol elements (excluding entities), both CSS and ACE. But popular web servers allow the arrangement of various CRLF sequences (including LF, CR, and LFCR) as line termination markers. An attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible. These issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885

Trust: 2.52

sources: NVD: CVE-2010-1576 // JVNDB: JVNDB-2010-001729 // CNVD: CNVD-2010-1235 // BID: 41315 // VULHUB: VHN-44181

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-1235

AFFECTED PRODUCTS

vendor:	cisco	model:	ace 4710	scope:	eq	version:	a1\(2.0\)	Trust: 1.6
vendor:	cisco	model:	content services switch 11500	scope:	eq	version:	8.20.1.01	Trust: 1.6
vendor:	cisco	model:	content services switch 11500	scope:	eq	version:	08.20.1.01	Trust: 1.6
vendor:	cisco	model:	content services switch 11500	scope:	eq	version:	8.20.2.01	Trust: 1.6
vendor:	cisco	model:	content services switch 11500	scope:	eq	version:	8.20.0.01	Trust: 1.6
vendor:	cisco	model:	ace 4710	scope:	eq	version:	a1\(8.0\)	Trust: 1.6
vendor:	cisco	model:	ace 4710	scope:	lte	version:	a3\(2.5\)	Trust: 1.0
vendor:	cisco	model:	content services switch 11500	scope:	lte	version:	8.20.3.03	Trust: 1.0
vendor:	cisco	model:	ace 4710	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	css 11500 series	scope:	-	version:	-	Trust: 0.8
vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	content services switch 11500	scope:	eq	version:	8.20.3.03	Trust: 0.6
vendor:	cisco	model:	ace 4710	scope:	eq	version:	a3\(2.5\)	Trust: 0.6
vendor:	cisco	model:	css11500 content services switch	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ace appliance a3	scope:	eq	version:	4750	Trust: 0.3

sources: CNVD: CNVD-2010-1235 // BID: 41315 // JVNDB: JVNDB-2010-001729 // CNNVD: CNNVD-201007-035 // NVD: CVE-2010-1576

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1576
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-1576
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201007-035
value:	HIGH
Trust: 0.6
VULHUB:	VHN-44181
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-1576
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2010-1576
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-44181
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-44181 // JVNDB: JVNDB-2010-001729 // CNNVD: CNNVD-201007-035 // NVD: CVE-2010-1576

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-44181 // JVNDB: JVNDB-2010-001729 // NVD: CVE-2010-1576

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201007-035

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201007-035

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001729

PATCH

title:

20808

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=20808

Trust: 0.8

sources: JVNDB: JVNDB-2010-001729

EXTERNAL IDS

db:	NVD	id:	CVE-2010-1576	Trust: 3.4
db:	BID	id:	41315	Trust: 2.8
db:	SECTRACK	id:	1024167	Trust: 2.5
db:	SECTRACK	id:	1024168	Trust: 2.5
db:	OSVDB	id:	66092	Trust: 1.9
db:	JVNDB	id:	JVNDB-2010-001729	Trust: 0.8
db:	CNNVD	id:	CNNVD-201007-035	Trust: 0.7
db:	CNVD	id:	CNVD-2010-1235	Trust: 0.6
db:	BUGTRAQ	id:	20100702 VSR ADVISORY: MULTIPLE CISCO CSS / ACE CLIENT CERTIFICATE AND HTTP HEADER MANIPULATION VULNERABILITIES	Trust: 0.6
db:	NSFOCUS	id:	15368	Trust: 0.6
db:	VULHUB	id:	VHN-44181	Trust: 0.1

sources: CNVD: CNVD-2010-1235 // VULHUB: VHN-44181 // BID: 41315 // JVNDB: JVNDB-2010-001729 // CNNVD: CNNVD-201007-035 // NVD: CVE-2010-1576

REFERENCES

url:	http://www.securityfocus.com/bid/41315	Trust: 2.5
url:	http://securitytracker.com/id?1024167	Trust: 2.5
url:	http://securitytracker.com/id?1024168	Trust: 2.5
url:	http://www.vsecurity.com/resources/advisory/20100702-1/	Trust: 2.0
url:	http://osvdb.org/66092	Trust: 1.9
url:	http://www.securityfocus.com/archive/1/512144/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1576	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1576	Trust: 0.8
url:	http://marc.info/?l=bugtraq&m=127808444302943&w=2	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/512144/100/0/threaded	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/15368	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	/archive/1/512144	Trust: 0.3

sources: CNVD: CNVD-2010-1235 // VULHUB: VHN-44181 // BID: 41315 // JVNDB: JVNDB-2010-001729 // CNNVD: CNNVD-201007-035 // NVD: CVE-2010-1576

CREDITS

George D. Gal※ ggal@vsecurity.com

Trust: 0.6

sources: CNNVD: CNNVD-201007-035

SOURCES

db:	CNVD	id:	CNVD-2010-1235
db:	VULHUB	id:	VHN-44181
db:	BID	id:	41315
db:	JVNDB	id:	JVNDB-2010-001729
db:	CNNVD	id:	CNNVD-201007-035
db:	NVD	id:	CVE-2010-1576

LAST UPDATE DATE

2024-11-23T21:47:23.286000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-1235	date:	2010-07-03T00:00:00
db:	VULHUB	id:	VHN-44181	date:	2018-10-10T00:00:00
db:	BID	id:	41315	date:	2015-04-13T21:05:00
db:	JVNDB	id:	JVNDB-2010-001729	date:	2010-07-27T00:00:00
db:	CNNVD	id:	CNNVD-201007-035	date:	2010-07-08T00:00:00
db:	NVD	id:	CVE-2010-1576	date:	2024-11-21T01:14:43.387

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-1235	date:	2010-07-03T00:00:00
db:	VULHUB	id:	VHN-44181	date:	2010-07-06T00:00:00
db:	BID	id:	41315	date:	2010-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2010-001729	date:	2010-07-27T00:00:00
db:	CNNVD	id:	CNNVD-201007-035	date:	2010-07-08T00:00:00
db:	NVD	id:	CVE-2010-1576	date:	2010-07-06T17:17:13.233