Cisco Bug: CSCua83032 - Some parts of the WebVPN login susceptible to HTTP Response Splitting

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.2(5) 9.0(0.4)

Description (partial)

Symptom:
The ASA is vulnerable to HTTP response splitting in certain URLs. HTTP response splitting is the ability for an attacker to modify the headers of an HTTP response due to a lack of input validation on requests that are sent to the application server.

Details on HTTP response splitting defects:
 
 http://en.wikipedia.org/wiki/HTTP_response_splitting
 http://www.owasp.org/index.php/HTTP_Response_Splitting

Conditions:
This is the default behavior for the ASA if clientless WebVPN is enabled.
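The input validation the symptom describes, sketched as an added example (not Cisco's code or the ASA fix): a guard that refuses CR/LF in any request-derived header value, plus a check that flags request targets whose query parameters carry CR/LF after repeated percent-decoding. The `/login` path, the `next` parameter, the `X-Injected` header and all function names are hypothetical; the page does not name the affected URLs.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# CR and LF terminate an HTTP header line, so neither may appear in a value.
_CRLF = re.compile(r"[\r\n]")

# Constructed sample request targets (hypothetical path and parameter names).
SAMPLE_TARGETS = [
    "/login?next=%2Fportal",                          # benign
    "/login?next=%2Fportal%0d%0aX-Injected:%201",      # encoded CRLF
    "/login?next=%250d%250aX-Injected:%201&lang=en",   # double-encoded CRLF
]

def safe_header_value(value: str) -> str:
    """Return value unchanged if it is safe in a response header, else raise."""
    if _CRLF.search(value):
        raise ValueError("CR/LF in header value")
    return value

def build_redirect(target: str) -> str:
    """Serialize a 302 response whose Location comes from request input."""
    location = safe_header_value(target)
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {location}\r\n"
            "Content-Length: 0\r\n\r\n")

def flag_crlf_params(request_target: str, max_decodes: int = 3) -> list[str]:
    """Names of query parameters that contain CR/LF at any decoding depth."""
    flagged = []
    query = urlsplit(request_target).query
    # parse_qsl already percent-decodes each value once.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for _ in range(max_decodes):
            if _CRLF.search(value):
                flagged.append(name)
                break
            decoded = unquote(value)
            if decoded == value:   # nothing left to decode
                break
            value = decoded
    return flagged

if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(t, "->", flag_crlf_params(t) or "clean")
```
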
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
