CVE-2011-3285

Cisco Adaptive Security Appliance Software 8.0-8.4 - HTTP Response Splitting via CRLF Injection

Title source: llm
STIX 2.1

Description

CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75343
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027008

Scores

EPSS 0.0203
EPSS Percentile 78.7%

Details

CWE
CWE-20 CWE-94
Status published
Products (31)
cisco/5500_series_adaptive_security_appliance
cisco/adaptive_security_appliance_software 8.0
cisco/adaptive_security_appliance_software 8.0\(2\)
cisco/adaptive_security_appliance_software 8.0\(3\)
cisco/adaptive_security_appliance_software 8.0\(4\)
cisco/adaptive_security_appliance_software 8.0\(5\)
cisco/adaptive_security_appliance_software 8.0.2
cisco/adaptive_security_appliance_software 8.0.3
cisco/adaptive_security_appliance_software 8.0.4
cisco/adaptive_security_appliance_software 8.0.5
... and 21 more
Published May 02, 2012
Tracked Since Feb 18, 2026