What is the severity of CVE-2010-1576?

CVE-2010-1576 has been classified with a medium to high severity rating due to potential remote code execution risks.

How do I fix CVE-2010-1576?

To mitigate CVE-2010-1576, upgrade the Cisco Content Services Switch 11500 to version 8.20.4.02 or later and the ACE 4710 to version A2(3.0) or later.

What versions of Cisco products are affected by CVE-2010-1576?

CVE-2010-1576 affects Cisco Content Services Switch 11500 with versions prior to 8.20.4.02 and ACE 4710 prior to A2(3.0).

What is the risk associated with CVE-2010-1576?

The risk associated with CVE-2010-1576 includes the potential for attackers to exploit the vulnerability for unauthorized actions on the affected devices.

How can I determine if I am vulnerable to CVE-2010-1576?

To determine vulnerability to CVE-2010-1576, check your version of the Cisco Content Services Switch 11500 or ACE 4710 against the known affected versions.

Vulnerability/
CVE-2010-1576

high

7.5

CWE

6/7/2010

7/8/2024

CVE-2010-1576: Input Validation

First published: Tue Jul 06 2010(Updated: )

The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Content Services Switch 11500	<=8.20.3.03
Cisco Content Services Switch 11500	=8.20.0.01
Cisco Content Services Switch 11500	=08.20.1.01
Cisco Content Services Switch 11500	=8.20.1.01
Cisco Content Services Switch 11500	=8.20.2.01
Cisco ACE 4710 Application Control Engine	<=a3\(2.5\)
Cisco ACE 4710 Application Control Engine	=a1\(2.0\)
Cisco ACE 4710 Application Control Engine	=a1\(8.0\)

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-1576?
CVE-2010-1576 has been classified with a medium to high severity rating due to potential remote code execution risks.
How do I fix CVE-2010-1576?
To mitigate CVE-2010-1576, upgrade the Cisco Content Services Switch 11500 to version 8.20.4.02 or later and the ACE 4710 to version A2(3.0) or later.
What versions of Cisco products are affected by CVE-2010-1576?
CVE-2010-1576 affects Cisco Content Services Switch 11500 with versions prior to 8.20.4.02 and ACE 4710 prior to A2(3.0).
What is the risk associated with CVE-2010-1576?
The risk associated with CVE-2010-1576 includes the potential for attackers to exploit the vulnerability for unauthorized actions on the affected devices.
How can I determine if I am vulnerable to CVE-2010-1576?
To determine vulnerability to CVE-2010-1576, check your version of the Cisco Content Services Switch 11500 or ACE 4710 against the known affected versions.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/cisco
canonical/cisco content services switch 11500
version/cisco content services switch 11500/8.20.3.03
version/cisco content services switch 11500/8.20.0.01
version/cisco content services switch 11500/08.20.1.01
version/cisco content services switch 11500/8.20.1.01
version/cisco content services switch 11500/8.20.2.01
canonical/cisco ace 4710 application control engine
version/cisco ace 4710 application control engine/a3\(2.5\)
version/cisco ace 4710 application control engine/a1\(2.0\)
version/cisco ace 4710 application control engine/a1\(8.0\)