Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4237

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4237
Last Modified 08 Jun 2012 11:38:09
Published 03 May 2012 06:11:39
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4237

Summary

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.

Vulnerable Systems

Application

  • Ciscoworks Common Services 4.0


References

MISC - http://www.nessus.org/plugins/index.php?view=single&id=58950

CONFIRM - http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html

SECUNIA - 49094


Last Updated: 27 May 2016 10:49:37