Vulnerability in Cisco Content_services_switch_11500

CVE-2010-1575

The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authenti…

EPSS: 0.003 (50.3th percentile) — read the EPSS interpretation.

Affected products

Cisco Content_services_switch_11500 — versions 08.20.1.01
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
1024167 (vdb-entry, x_refsource_SECTRACK)
41315 (vdb-entry, x_refsource_BID)
psirt@cisco.com (Exploit, x_refsource_MISC)
66091 (x_refsource_OSVDB, vdb-entry)