Cisco Email Security Appliance CVE-2017-12309 HTTP Response Splitting Vulnerability



Cisco Email Security Appliance is prone to an HTTP response-splitting vulnerability because it fails to properly sanitize user-supplied input.

Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust.

This issue is being tracked by Cisco Bug ID CSCvf16705.

Information

Bugtraq ID: 101928
Class: Input Validation Error
CVE: CVE-2017-12309

Remote: Yes
Local: No
Published: Nov 15 2017 12:00AM
Updated: Nov 15 2017 12:00AM
Credit: Cisco
Vulnerable: Cisco Email Security Appliance 11.0.0-105
Cisco Email Security Appliance 10.0.2-020


Not Vulnerable:

Exploit


To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.


Related Posts

Comments