CVE-2015-0733

Cisco Headend Digital Broadband Delivery System - XSS

Title source: rule

Description

CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580.

References (2)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032445

[Vendor Advisory] http://tools.cisco.com/security/center/viewAlert.x?alertId=38863

Scores

EPSS 0.0027

EPSS Percentile 50.8%

Details

CWE

CWE-113

Status published

Products (1)

cisco/headend_digital_broadband_delivery_system

Published May 30, 2015

Tracked Since Feb 18, 2026