VAR-201007-0238
Vulnerability from variot - Updated: 2023-12-18 12:39The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. This vulnerability CVE-2010-1576 Due to an incomplete fix.Through a specially crafted header data by a third party, HTTP A request smuggling attack may be performed and intended header insertion may be avoided. The Cisco CSS 11500 Content Services Switch is a load balancing device that provides robust and scalable network services (layers 4-7) for the data center. An attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible. These issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201007-0238",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.20.2.01"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.20.0.01"
},
{
"model": "ace 4710",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "a1\\(2.0\\)"
},
{
"model": "ace 4710",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "a1\\(8.0\\)"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "08.20.1.01"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.20.1.01"
},
{
"model": "ace 4710",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "a3\\(2.5\\)"
},
{
"model": "content services switch 11500",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.20.3.03"
},
{
"model": "css11500 content services switch",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ace 4710",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "software a2(3.0)"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "software 8.20.4.02"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8.20.3.03"
},
{
"model": "ace 4710",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "a3\\(2.5\\)"
},
{
"model": "ace appliance a3",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4750"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11500:08.20.1.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11500:8.20.1.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11500:8.20.0.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.20.3.03",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11500:8.20.2.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "a3\\(2.5\\)",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2629"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "George D. Gal\u203b ggal@vsecurity.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
],
"trust": 0.6
},
"cve": "CVE-2010-2629",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2010-2629",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2010-3981",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-45234",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-2629",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2010-3981",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201007-047",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-45234",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "VULHUB",
"id": "VHN-45234"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. This vulnerability CVE-2010-1576 Due to an incomplete fix.Through a specially crafted header data by a third party, HTTP A request smuggling attack may be performed and intended header insertion may be avoided. The Cisco CSS 11500 Content Services Switch is a load balancing device that provides robust and scalable network services (layers 4-7) for the data center. \nAn attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible. \nThese issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2629"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "VULHUB",
"id": "VHN-45234"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2629",
"trust": 3.4
},
{
"db": "BID",
"id": "41315",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1024167",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1024168",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-3981",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20100702 VSR ADVISORY: MULTIPLE CISCO CSS / ACE CLIENT CERTIFICATE AND HTTP HEADER MANIPULATION VULNERABILITIES",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "15368",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-45234",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "VULHUB",
"id": "VHN-45234"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
]
},
"id": "VAR-201007-0238",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "VULHUB",
"id": "VHN-45234"
}
],
"trust": 1.2396825699999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
}
]
},
"last_update_date": "2023-12-18T12:39:03.341000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-45234"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/41315"
},
{
"trust": 2.0,
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1024167"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1024168"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2629"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2629"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/512144/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/15368"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "/archive/1/512144"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "VULHUB",
"id": "VHN-45234"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"db": "VULHUB",
"id": "VHN-45234"
},
{
"db": "BID",
"id": "41315"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"db": "NVD",
"id": "CVE-2010-2629"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"date": "2010-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-45234"
},
{
"date": "2010-07-02T00:00:00",
"db": "BID",
"id": "41315"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"date": "2010-07-06T17:17:13.517000",
"db": "NVD",
"id": "CVE-2010-2629"
},
{
"date": "2010-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3981"
},
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-45234"
},
{
"date": "2015-04-13T21:05:00",
"db": "BID",
"id": "41315"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004188"
},
{
"date": "2018-10-10T19:59:52.933000",
"db": "NVD",
"id": "CVE-2010-2629"
},
{
"date": "2010-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco CSS 11500 and ACE 4710 Vulnerabilities in which intended header insertion could be bypassed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004188"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201007-047"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…