Cisco Email Security Appliance CVE-2017-12309 HTTP Response Splitting Vulnerability

Cisco Email Security Appliance is prone to an HTTP response-splitting vulnerability because it fails to properly sanitize user-supplied input.

Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust.

This issue is being tracked by Cisco Bug ID CSCvf16705.

Information

Bugtraq ID: 101928
Class: Input Validation Error
CVE: CVE-2017-12309

Remote: Yes
Local: No
Published: Nov 15 2017 12:00AM
Updated: Nov 15 2017 12:00AM
Credit: Cisco
Vulnerable: Cisco Email Security Appliance 11.0.0-105
Cisco Email Security Appliance 10.0.2-020

Not Vulnerable:

Exploit

To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.

References:

Cisco Email Security Appliance Homepage (Cisco)
Cisco Email Security Appliance HTTP Response Splitting Vulnerability (Cisco)

Source: www.securityfocus.com

Exploit Collector

Search Exploit