CVE-2011-3285
Cisco Adaptive Security Appliance Software 8.0-8.4 - HTTP Response Splitting via CRLF Injection
Title source: llmDescription
CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.cisco.com/web/software/280775065/37740/ASA-805-Interim-Release-Notes.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75343
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027008
Scores
EPSS
0.0203
EPSS Percentile
78.7%
Details
CWE
CWE-20
CWE-94
Status
published
Products (31)
cisco/5500_series_adaptive_security_appliance
cisco/adaptive_security_appliance_software
8.0
cisco/adaptive_security_appliance_software
8.0\(2\)
cisco/adaptive_security_appliance_software
8.0\(3\)
cisco/adaptive_security_appliance_software
8.0\(4\)
cisco/adaptive_security_appliance_software
8.0\(5\)
cisco/adaptive_security_appliance_software
8.0.2
cisco/adaptive_security_appliance_software
8.0.3
cisco/adaptive_security_appliance_software
8.0.4
cisco/adaptive_security_appliance_software
8.0.5
... and 21 more
Published
May 02, 2012
Tracked Since
Feb 18, 2026