Vulnerability category: Cisco
Vulnerability severity:
Vulnerability information
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack.
The vulnerability is due to the failure of the application or its environment to properly sanitize input values.
Vulnerability impact
An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits.
Solution
Refer to Cisco advisory cisco-sa-20171115-esa for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities: