CVE-2015-0733

CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=38863	Vendor Advisory
http://www.securitytracker.com/id/1032445	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:o:cisco:headend_digital_broadband_delivery_system:-:*:*:*:*:*:*:*

Information

Published : 2015-05-30 07:59

Updated : 2017-01-04 06:58

NVD link : CVE-2015-0733

Mitre link : CVE-2015-0733

JSON object : View

CWE

CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Products Affected

cisco

headend_digital_broadband_delivery_system

4.3 /10