CVE-2011-4237
published 2012-05-03CVE-2011-4237: CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products…
PriorityP423medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.17%
63.4th percentile
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ciscoworks_common_services | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_cisco4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gx5r-ph5h-r7wr: CRLF injection vulnerability in autologin
ghsa_unreviewed·2022-05-17
CVE-2011-4237 [MEDIUM] CWE-94 GHSA-gx5r-ph5h-r7wr: CRLF injection vulnerability in autologin
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.
Cisco
CiscoWorks Prime LAN Management Solution CRLF Injection and HTTP Response Splitting Vulnerability
vendor_cisco·2012-05-10·CVSS 4.3
CVE-2011-4237 [MEDIUM] CWE-94 CiscoWorks Prime LAN Management Solution CRLF Injection and HTTP Response Splitting Vulnerability
CiscoWorks Prime LAN Management Solution CRLF Injection and HTTP Response Splitting Vulnerability
Cisco Prime LAN Management Solution versions prior to 4.2 contain a vulnerability that could allow an unauthenticated, remote attacker to inject arbitrary code and conduct HTTP response-splitting attacks on a targeted system.
The vulnerability exists because the affected software improperly sanitizes user-supplied input while handling HTTP headers. An unauthenticated, remote attacker could exploit the vulnerability by convincing a user to follow a malicious link. If successful, the attacker could conduct carriage return-line feed (CRLF) injection and HTTP response-splitting attacks against the user.
Cisco has confirmed this vulnerability and released updated software.
To exploit the vulnera
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/49094http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.htmlhttp://www.nessus.org/plugins/index.php?view=single&id=58950http://secunia.com/advisories/49094http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.htmlhttp://www.nessus.org/plugins/index.php?view=single&id=58950
2012-05-03
Published