CVE-2011-4237

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:ciscoworks_common_services:4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_lan_management_solution:4.2:*:*:*:*:*:*:*

History

21 Nov 2024, 01:32

Type Values Removed Values Added
References () http://secunia.com/advisories/49094 - () http://secunia.com/advisories/49094 -
References () http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html - () http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html -
References () http://www.nessus.org/plugins/index.php?view=single&id=58950 - () http://www.nessus.org/plugins/index.php?view=single&id=58950 -

Information

Published : 2012-05-03 10:11

Updated : 2024-11-21 01:32


NVD link : CVE-2011-4237

Mitre link : CVE-2011-4237

CVE.ORG link : CVE-2011-4237


JSON object : View

Products Affected

cisco

  • ciscoworks_common_services
  • prime_lan_management_solution
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')