{ "id": "CVE-2011-3285", "sourceIdentifier": "ykramarz@cisco.com", "published": "2012-05-02T10:09:21.317", "lastModified": "2017-12-07T02:29:08.227", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n CRLF en /+CSCOE+/logon.html en Cisco Adaptive Security Appliances (ASA) 5500 con software v8.0 a v8.4 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCth63101." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-94" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C32BEE04-36F6-44B2-9735-43085DB9FA1B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.0\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "88C8DF80-63E3-4F74-A998-91406C997637" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "3F01BB48-05B1-4816-A7D3-D7D230E5FA47" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.0\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "39CC9D80-E4B4-4147-B7AD-E36003B37420" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.0\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "3DB106E8-8844-451D-AA91-0197ECC4B451" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "328AA1BC-FE79-4FA7-8C5A-C9CAB34506BD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5EDCF4C3-1DFD-4273-BD41-1C7DF475D1B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B84AB0E6-0CAF-4A93-9C9E-0BB28D3D8ACC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6AF7472D-1E37-4F21-8A33-ADDD00666FB9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF65DC1B-9B94-40A2-9934-AB40324CDC12" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "4064372B-D5C6-4EE7-B227-919DA61502CD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "CE971B52-825B-4DA3-9585-ED5BE84F3795" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "65660DBC-2FE1-470F-9EA6-9BB901B8E4B6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2\\(3.9\\):*:*:*:*:*:*:*", "matchCriteriaId": "EEC19E9A-B38B-4BB5-9D0B-0E9BEAA52B04" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "96FA6AA6-6224-4FBA-B995-9F249DF042A3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2\\(4.1\\):*:*:*:*:*:*:*", "matchCriteriaId": "BDA57E19-ABED-472D-9BB3-ECDE9BD19046" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2\\(4.4\\):*:*:*:*:*:*:*", "matchCriteriaId": "375DF649-0416-4697-B3E7-5BECFB92BB33" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "9175E2E6-29D7-45A6-AE21-1C4D5F44C3F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA9EDACF-992A-46BB-8D78-7E9852755201" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FE8E3E70-3BDB-49B7-A2E0-BA8F2EA50320" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2.2:interim:*:*:*:*:*:*", "matchCriteriaId": "3DF92CAB-E480-448E-B16E-29B8760C6621" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "22BC27BA-0960-4938-BBBC-29F0469BE01B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.3\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "0A311E1C-A154-4162-8392-A5C83006F378" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.3\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "BD33835E-EB26-4D42-970E-BA53CDE24F7C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2D8A146-41E2-4407-8812-C6FF95DEA6FD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.3.1:interim:*:*:*:*:*:*", "matchCriteriaId": "BD10E2EC-208C-484D-84B6-2C03FA69A3CD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "116EFBF1-CE60-4536-982C-44BED24F4C2F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C2710F16-1DCA-4D21-BA91-04931A7EC45E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.4\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "5DA54B49-D405-4414-AAF2-FACFE7A7E9CC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.4\\(1.11\\):*:*:*:*:*:*:*", "matchCriteriaId": "C344A669-277A-42FD-B41C-A9EB8A7CDB37" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.4\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "80B6E036-F6B4-44C2-A0BF-1D54F794D276" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.4\\(2.11\\):*:*:*:*:*:*:*", "matchCriteriaId": "BBED6E6F-7B23-45DC-B10A-C263B37A8D08" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:h:cisco:5500_series_adaptive_security_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CB79D96-75EA-4B4F-99A7-9AB4158B7301" } ] } ] } ], "references": [ { "url": "http://www.cisco.com/web/software/280775065/37740/ASA-805-Interim-Release-Notes.html", "source": "ykramarz@cisco.com" }, { "url": "http://www.securitytracker.com/id?1027008", "source": "ykramarz@cisco.com" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75343", "source": "ykramarz@cisco.com" } ] }