CVE-2010-1576

Cisco CSS 11500 <8.20.4.02 & ACE 4710 <A2(3.0) HTTP Request Smuggling

Title source: llm
STIX 2.1

Description

The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512144/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024167
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41315
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66092
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024168

Scores

EPSS 0.0183
EPSS Percentile 76.4%

Details

CWE
CWE-20
Status published
Products (8)
cisco/ace_4710 a1\(2.0\)
cisco/ace_4710 a1\(8.0\)
cisco/ace_4710 < a3\(2.5\)
cisco/content_services_switch_11500 8.20.0.01
cisco/content_services_switch_11500 08.20.1.01
cisco/content_services_switch_11500 8.20.1.01
cisco/content_services_switch_11500 8.20.2.01
cisco/content_services_switch_11500 < 8.20.3.03
Published Jul 06, 2010
Tracked Since Feb 18, 2026