Details of VAR-201205-0205

ID

VAR-201205-0205

CVE

CVE-2011-3285

TITLE

Cisco Adaptive Security Appliances 5500 series In the device CRLF Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-002213

DESCRIPTION

CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101. The problem is Bug ID CSCth63101 It is a problem.By any third party HTTP Inserted header, or HTTP Response splitting attacks can be triggered

Trust: 1.71

sources: NVD: CVE-2011-3285 // JVNDB: JVNDB-2012-002213 // VULHUB: VHN-51230

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.5	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(5\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.3	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(4\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(1\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(3\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(2\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4.4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	cisco	model:	5500 series adaptive security appliance	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(2.11\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(3.9\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4.1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(1.11\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance 5500 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0 to 8.4	Trust: 0.8

sources: JVNDB: JVNDB-2012-002213 // CNNVD: CNNVD-201205-033 // NVD: CVE-2011-3285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-3285
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-3285
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201205-033
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-51230
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-3285
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-51230
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-51230 // JVNDB: JVNDB-2012-002213 // CNNVD: CNNVD-201205-033 // NVD: CVE-2011-3285

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-94	Trust: 1.9

sources: VULHUB: VHN-51230 // JVNDB: JVNDB-2012-002213 // NVD: CVE-2011-3285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-033

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201205-033

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002213

PATCH

title:

Cisco ASA 8.0.5 Interim Build Release Notes

url:

http://www.cisco.com/web/software/280775065/37740/ASA-805-Interim-Release-Notes.html

Trust: 0.8

sources: JVNDB: JVNDB-2012-002213

EXTERNAL IDS

db:	NVD	id:	CVE-2011-3285	Trust: 2.5
db:	SECTRACK	id:	1027008	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-002213	Trust: 0.8
db:	CNNVD	id:	CNNVD-201205-033	Trust: 0.7
db:	NSFOCUS	id:	19633	Trust: 0.6
db:	VULHUB	id:	VHN-51230	Trust: 0.1

sources: VULHUB: VHN-51230 // JVNDB: JVNDB-2012-002213 // CNNVD: CNNVD-201205-033 // NVD: CVE-2011-3285

REFERENCES

url:	http://www.cisco.com/web/software/280775065/37740/asa-805-interim-release-notes.html	Trust: 1.7
url:	http://www.securitytracker.com/id?1027008	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/75343	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3285	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3285	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/19633	Trust: 0.6

sources: VULHUB: VHN-51230 // JVNDB: JVNDB-2012-002213 // CNNVD: CNNVD-201205-033 // NVD: CVE-2011-3285

SOURCES

db:	VULHUB	id:	VHN-51230
db:	JVNDB	id:	JVNDB-2012-002213
db:	CNNVD	id:	CNNVD-201205-033
db:	NVD	id:	CVE-2011-3285

LAST UPDATE DATE

2024-11-23T22:02:41.061000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-51230	date:	2017-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2012-002213	date:	2012-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201205-033	date:	2012-05-03T00:00:00
db:	NVD	id:	CVE-2011-3285	date:	2024-11-21T01:30:11.657

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-51230	date:	2012-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2012-002213	date:	2012-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201205-033	date:	2012-05-03T00:00:00
db:	NVD	id:	CVE-2011-3285	date:	2012-05-02T10:09:21.317