CVE-2015-0733

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-0733
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=38863 Vendor Advisory
http://www.securitytracker.com/id/1032445 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:o:cisco:headend_digital_broadband_delivery_system:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2015-05-30 14:59

Updated : 2024-02-28 15:21

NVD link : CVE-2015-0733

Mitre link : CVE-2015-0733

CVE.ORG link : CVE-2015-0733

JSON object : View

Products Affected

cisco

  • headend_digital_broadband_delivery_system
CWE
CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')