CVE-2010-2629
Cisco Content Services Switch 11500 < 8.20.3.03 and ACE 4710 < A3(2.5) - HTTP Request Smuggling via LF Header Terminator
Title source: llmDescription
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512144/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1024167
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/41315
Vendor Advisory x_refsource_misc
http://www.vsecurity.com/resources/advisory/20100702-1/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1024168
Scores
EPSS
0.0147
EPSS Percentile
70.7%
Details
CWE
CWE-20
Status
published
Products (8)
cisco/ace_4710
a1\(2.0\)
cisco/ace_4710
a1\(8.0\)
cisco/ace_4710
< a3\(2.5\)
cisco/content_services_switch_11500
8.20.0.01
cisco/content_services_switch_11500
08.20.1.01
cisco/content_services_switch_11500
8.20.1.01
cisco/content_services_switch_11500
8.20.2.01
cisco/content_services_switch_11500
< 8.20.3.03
Published
Jul 06, 2010
Tracked Since
Feb 18, 2026