Cisco Email Security Appliance is prone to an HTTP response-splitting vulnerability because it fails to properly sanitize user-supplied input.
Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to give client users a false sense of trust.
This issue is being tracked by Cisco Bug ID CSCvf16705.
Information
Cisco Email Security Appliance 10.0.2-020
Exploit
To exploit this issue, an attacker must entice an unsuspecting victim to open a malicious URI.
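The missing input sanitization described above, shown from the defender's side as an added example (not Cisco's code and not part of the original advisory): it refuses to place a value containing raw or percent-encoded CR/LF into a response header, and flags request URIs carrying such sequences in access logs. The `/login?next=` path, the log format, the `X-Test` marker and the decode-round limit are constructed assumptions.

```python
import re
from urllib.parse import unquote

# CR and LF terminate an HTTP header line; neither belongs in a header value.
_LINE_BREAKS = re.compile(r"[\r\n]")
MAX_DECODE_ROUNDS = 3  # assumption: enough to catch double/triple encoding


def fully_decoded(value: str) -> str:
    """Percent-decode repeatedly so %250d%250a is treated like %0d%0a."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def contains_line_break(value: str) -> bool:
    """True if the value, raw or percent-encoded, carries CR or LF."""
    return bool(_LINE_BREAKS.search(fully_decoded(value)))


def safe_header_value(value: str) -> str:
    """Return value unchanged if it may go into a response header, else raise."""
    if contains_line_break(value):
        raise ValueError("CR/LF in header value")
    return value


def flag_requests(log_lines):
    """Return the request URIs from access-log lines that carry CR/LF."""
    flagged = []
    for line in log_lines:
        match = re.search(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"', line)
        if match and contains_line_break(match.group(1)):
            flagged.append(match.group(1))
    return flagged


# Constructed sample log lines (hypothetical paths, not from the appliance).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:00 +0000] "GET /login?next=/inbox HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Jan/2018:10:00:05 +0000] "GET /login?next=%0d%0aX-Test:%201 HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Jan/2018:10:00:09 +0000] "GET /login?next=%250D%250AX-Test:%201 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE_LOG))
```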