Release date:
Updated on:
Affected Systems:
Cisco ASA 5500 Series Adaptive Security Appliance 8.0-8.4
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2011-3285
The Cisco ASA 5500 Series Adaptive Security Appliance is a modular platform for providing security and VPN services. It provides firewall, IPS, anti-X, and VPN services.
A CRLF injection vulnerability exists in /+CSCOE+/logon.html of Cisco Adaptive Security Appliances (ASA) 5500 Series software versions 8.0 to 8.4. Attackers can inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
<* Source: vendor
Link: http://www.cisco.com/web/software/280775065/37740/ASA-805-Interim-Release-Notes.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (ASA-805-Interim-Release-Notes) and patches for this issue:
Cisco ASA Interim Release Notes ASA-805-Interim-Release-Notes
Link: http://www.cisco.com/web/software/280775065/37740/ASA-805-Interim-Release-Notes.html