
Cisco Bug: CSCur25580 - Cisco Headend Digital Broadband Delivery System HTTP Response Splitting

Last Modified

Jun 23, 2020

Products (1)

  • Headend System Releases

Known Affected Releases


Description (partial)

A vulnerability in the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct HTTP response-splitting attacks.
The vulnerability is due to improper sanitization of user input by the HTTP Header Handler within the affected software while handling HTTP requests. An attacker could exploit this vulnerability by convincing a user to follow a malicious HTTP URL containing crafted carriage return-line feed (CRLF) characters. When processed, such characters could allow the attacker to execute arbitrary script code in the browser in the security context of the affected site or to generate crafted responses for the user. This may allow the attacker to conduct further attacks on the targeted system.
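The header-handling flaw described above, shown as an added example that is not Cisco's code: a header built from request input without CRLF filtering, next to a hardened form that rejects control characters. The function names, the redirect scenario and the sample values are assumptions made for illustration; the page does not show the product's handler.

```python
import re
from urllib.parse import unquote

# Control characters are never valid in a header value. CR and LF are the
# ones that end the header line and let the value add headers or a body.
_CTL = re.compile(r"[\x00-\x1f\x7f]")

def build_redirect_unsafe(target: str) -> bytes:
    """'Before' form: request-derived text is copied into a header as-is."""
    return (f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")

def build_redirect_safe(target: str) -> bytes:
    """Hardened form: refuse any value that could terminate the header line."""
    if _CTL.search(target):
        raise ValueError("control character in header value")
    return build_redirect_unsafe(target)

def header_names(raw: bytes) -> list[str]:
    """Header field names a client would parse from the first response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

# Constructed sample inputs, as they look after URL decoding.
BENIGN = unquote("/home")
CRAFTED = unquote("/home%0d%0aX-Injected:%201")  # harmless marker header

if __name__ == "__main__":
    print(header_names(build_redirect_unsafe(BENIGN)))
    print(header_names(build_redirect_unsafe(CRAFTED)))
    try:
        build_redirect_safe(CRAFTED)
    except ValueError as exc:
        print("rejected:", exc)
```

The check runs on the decoded value, because the CR and LF bytes only exist after percent-decoding.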

A device running an affected version of the software in its default configuration.
Bug details contain sensitive information and therefore require an account to be viewed.
