Cisco Bug: CSCua83032 - Some parts of the WebVPN login susceptible to HTTP Response Splitting
Apr 16, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: ASA is vulnerable to HTTP response splitting in certain URLs. HTTP response splitting is the ability for an attacker to modify the headers of an HTTP response due to lack of input validation on requests that are sent to the application server. Detail on HTTP response splitting defects : http://en.wikipedia.org/wiki/HTTP_response_splitting http://www.owasp.org/index.php/HTTP_Response_Splitting Conditions: This is default behavior for the ASA if Clientless webvpn is enabled.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases