CVE-2008-7257

Cisco ASA 5580 - CRLF Injection via WebVPN URI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7257. PoCs published by Daniel King.

AI-analyzed exploit summary This is a writeup describing an HTTP response-splitting vulnerability in Cisco ASA. It includes a sample request and response demonstrating the vulnerability but does not contain executable exploit code.

Description

CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Daniel King · textremotehardware

https://www.exploit-db.com/exploits/34200

View Code ZIP pw:eip

This is a writeup describing an HTTP response-splitting vulnerability in Cisco ASA. It includes a sample request and response demonstrating the vulnerability but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Cisco Adaptive Security Appliance (ASA) firmware versions prior to 8.1(2)

No auth needed

Prerequisites: Network access to the vulnerable Cisco ASA device

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/41159

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/512023/100/0/threaded

Release Notes x_refsource_confirm

http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1024155

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/59850

Various Sources x_refsource_misc

http://www.secureworks.com/ctu/advisories/SWRX-2010-001

Scores

EPSS 0.1157

EPSS Percentile 95.5%

Details

CWE

CWE-20

Status published

Products (1)

cisco/asa_5580 8.1\(1\)

Published Jun 29, 2010

Tracked Since Feb 18, 2026