CVE-2014-2137 — Improper Input Validation in Cisco WEB Security Virtual Appliance

CWE-20 — Improper Input Validation5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 56.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco WEB Security Virtual Appliance

Timeline

PublishedApr 2

Latest updateMay 17

Description

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/web_security_virtual_appliance7.7+7

🔴Vulnerability Details

GHSA

GHSA-p7j4-x6vj-wmfx: CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7↗2022-05-17

▶

CVEList

CVE-2014-2137: CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7↗2014-04-02

▶

📋Vendor Advisories

Cisco

Cisco WSA HTTP Header Injection Vulnerability↗2014-04-01

▶