RCE in Cisco 5500_series_adaptive_security_appliance
CVE-2011-3285
CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.003 (51.3th percentile)
Affected products
- Cisco 5500_series_adaptive_security_appliance
- Cisco Adaptive_security_appliance_software: versions 8.0, 8.0(2), 8.0(3)
Weakness classification (CWE)
References
- psirt@cisco.com (x_refsource_CONFIRM)
- cisco-asa-logon-response-splitting(75343) (vdb-entry, x_refsource_XF)
- 1027008 (vdb-entry, x_refsource_SECTRACK)