Improper input validation in Cisco Ace_4710

CVE-2010-1576

The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF seq…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (46.4th percentile) — read the EPSS interpretation.

Affected products

Cisco Ace_4710 — versions a1\(2.0\), a1\(8.0\)
Cisco Content_services_switch_11500 — versions 8.20.0.01, 8.20.1.01, 08.20.1.01
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
1024167 (vdb-entry, x_refsource_SECTRACK)
41315 (vdb-entry, x_refsource_BID)
psirt@cisco.com (Exploit, x_refsource_MISC)
66092 (x_refsource_OSVDB, vdb-entry)
1024168 (vdb-entry, x_refsource_SECTRACK)