CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:32
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/49094 - | |
References | () http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html - | |
References | () http://www.nessus.org/plugins/index.php?view=single&id=58950 - |
Information
Published : 2012-05-03 10:11
Updated : 2024-11-21 01:32
NVD link : CVE-2011-4237
Mitre link : CVE-2011-4237
CVE.ORG link : CVE-2011-4237
JSON object : View
Products Affected
cisco
- ciscoworks_common_services
- prime_lan_management_solution
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')