CVE-2019-15259

A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_contact_center_express:12.0\(1\):*:*:*:*:*:*:*

History

21 Nov 2024, 04:28

Type Values Removed Values Added
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-uccx-http - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-uccx-http - Vendor Advisory

Information

Published : 2019-10-02 19:15

Updated : 2024-11-21 04:28


NVD link : CVE-2019-15259

Mitre link : CVE-2019-15259

CVE.ORG link : CVE-2019-15259


JSON object : View

Products Affected

cisco

  • unified_contact_center_express
CWE
CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')