Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2014-2138
Last Modified 02 Apr 2014 12:56:56
Published 01 Apr 2014 11:58:17
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2138

Summary

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.

Vulnerable Systems

Application

  • Cisco Security Manager 3.0.2

  • Cisco Security Manager 3.1

  • Cisco Security Manager 3.1.1

  • Cisco Security Manager 3.2

  • Cisco Security Manager 3.2.1

  • Cisco Security Manager 3.2.2

  • Cisco Security Manager 3.3

  • Cisco Security Manager 3.3.1

  • Cisco Security Manager 4.0

  • Cisco Security Manager 4.0.1

  • Cisco Security Manager 4.1

  • Cisco Security Manager 4.2


References

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=33607

CISCO - 20140401 Cisco Security Manager HTTP Header Redirection Vulnerability


Last Updated: 27 May 2016 11:04:50