CVE-2010-2629

Cisco Content Services Switch 11500 < 8.20.3.03 and ACE 4710 < A3(2.5) - HTTP Request Smuggling via LF Header Terminator

Title source: llm
STIX 2.1

Description

The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512144/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024167
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41315
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024168

Scores

EPSS 0.0147
EPSS Percentile 70.7%

Details

CWE
CWE-20
Status published
Products (8)
cisco/ace_4710 a1\(2.0\)
cisco/ace_4710 a1\(8.0\)
cisco/ace_4710 < a3\(2.5\)
cisco/content_services_switch_11500 8.20.0.01
cisco/content_services_switch_11500 08.20.1.01
cisco/content_services_switch_11500 8.20.1.01
cisco/content_services_switch_11500 8.20.2.01
cisco/content_services_switch_11500 < 8.20.3.03
Published Jul 06, 2010
Tracked Since Feb 18, 2026