Improper input validation in Cisco Ace_4710
CVE-2010-2629
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.003 (56.3th percentile) — read the EPSS interpretation.
Affected products
- Cisco Ace_4710 — versions a1\(2.0\), a1\(8.0\)
- Cisco Content_services_switch_11500 — versions 8.20.0.01, 8.20.1.01, 08.20.1.01
- N/a — versions n/a
Weakness classification (CWE)
References
- 20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
- 1024167 (vdb-entry, x_refsource_SECTRACK)
- 41315 (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_MISC)
- 1024168 (vdb-entry, x_refsource_SECTRACK)