CVE-2011-4237

CWE-94: Code Injection (4 documents, 4 sources)
Severity: 4.3 MEDIUM
EPSS: 0.3% (top 48.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 3; latest update May 17

Description

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-gx5r-ph5h-r7wr: CRLF injection vulnerability in autologin (2022-05-17)
CVEList: CVE-2011-4237: CRLF injection vulnerability in autologin (2012-05-03)

📋 Vendor Advisories (1)

Cisco: CiscoWorks Prime LAN Management Solution CRLF Injection and HTTP Response Splitting Vulnerability (2012-05-10)