What is CVE-2017-12309?

CVE-2017-12309 is a medium-severity vulnerability in Cisco Email_security_appliance_firmware, classified under HTTP Response Splitting. CVSS score: 5.3/10. Published 2017-11-16.

How severe is CVE-2017-12309?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Cisco Email_security_appliance_firmware

CVE-2017-12309

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to prope…

EPSS: 0.010 (77.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Cisco Email_security_appliance_firmware — versions 10.0.2-020, 11.0.0-105
N/a Cisco Email Security Appliance — versions Cisco Email Security Appliance

Weakness classification (CWE)

CWE-113 — HTTP Response Splitting

References

psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-12309?: CVE-2017-12309 is a medium-severity vulnerability in Cisco Email_security_appliance_firmware, classified under HTTP Response Splitting. CVSS score: 5.3/10. Published 2017-11-16.
How severe is CVE-2017-12309?: Medium severity. CVSS v3 base score is 5.3 out of 10.