CVE-2017-12309

CWE-113 | 4 documents | 4 sources

Severity: 5.3 MEDIUM
EPSS: 1.0% (top 23.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 16 | Latest update May 13

Description

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting at

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | cisco_email_security_appliance | Cisco Email Security Appliance
NVD | cisco/email_security_appliance_firmware | 10.0.2-020, 11.0.0-105 +1

🔴 Vulnerability Details (2)

GHSA (2022-05-13)
GHSA-fr94-63q7-g53g: A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attac
CVEList (2017-11-16)
CVE-2017-12309: A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attac

📋 Vendor Advisories (1)

Cisco (2017-11-15)
Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability