What is the severity of CVE-2011-3285?

CVE-2011-3285 is classified as a high severity vulnerability due to its potential to allow remote attackers to inject arbitrary HTTP headers.

How do I fix CVE-2011-3285?

To remediate CVE-2011-3285, update your Cisco Adaptive Security Appliance to a patched software version recommended by Cisco.

What devices are affected by CVE-2011-3285?

CVE-2011-3285 affects Cisco Adaptive Security Appliances (ASA) 5500 series devices running software versions 8.0 through 8.4.

What kind of attacks can CVE-2011-3285 allow?

CVE-2011-3285 can enable attackers to conduct HTTP response splitting attacks.

Is there a workaround for CVE-2011-3285?

There are no documented workarounds for CVE-2011-3285; the recommended solution is to apply the appropriate software patch.

Vulnerability/
CVE-2011-3285

medium

CWE

94 20 93

2/5/2012

6/8/2024

CVE-2011-3285: Code Injection

First published: Wed May 02 2012(Updated: )

CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Adaptive Security Appliance Software	=8.0
Cisco Adaptive Security Appliance Software	=8.0\(2\)
Cisco Adaptive Security Appliance Software	=8.0\(3\)
Cisco Adaptive Security Appliance Software	=8.0\(4\)
Cisco Adaptive Security Appliance Software	=8.0\(5\)
Cisco Adaptive Security Appliance Software	=8.0.2
Cisco Adaptive Security Appliance Software	=8.0.3
Cisco Adaptive Security Appliance Software	=8.0.4
Cisco Adaptive Security Appliance Software	=8.0.5
Cisco Adaptive Security Appliance Software	=8.1
Cisco Adaptive Security Appliance Software	=8.2\(1\)
Cisco Adaptive Security Appliance Software	=8.2\(2\)
Cisco Adaptive Security Appliance Software	=8.2\(3\)
Cisco Adaptive Security Appliance Software	=8.2\(3.9\)
Cisco Adaptive Security Appliance Software	=8.2\(4\)
Cisco Adaptive Security Appliance Software	=8.2\(4.1\)
Cisco Adaptive Security Appliance Software	=8.2\(4.4\)
Cisco Adaptive Security Appliance Software	=8.2\(5\)
Cisco Adaptive Security Appliance Software	=8.2.1
Cisco Adaptive Security Appliance Software	=8.2.2
Cisco Adaptive Security Appliance Software	=8.2.2-interim
Cisco Adaptive Security Appliance Software	=8.2.3
Cisco Adaptive Security Appliance Software	=8.3\(1\)
Cisco Adaptive Security Appliance Software	=8.3\(2\)
Cisco Adaptive Security Appliance Software	=8.3.1
Cisco Adaptive Security Appliance Software	=8.3.1-interim
Cisco Adaptive Security Appliance Software	=8.3.2
Cisco Adaptive Security Appliance Software	=8.4
Cisco Adaptive Security Appliance Software	=8.4\(1\)
Cisco Adaptive Security Appliance Software	=8.4\(1.11\)
Cisco Adaptive Security Appliance Software	=8.4\(2\)
Cisco Adaptive Security Appliance Software	=8.4\(2.11\)
Cisco Adaptive Security Appliance 5500

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-3285?
CVE-2011-3285 is classified as a high severity vulnerability due to its potential to allow remote attackers to inject arbitrary HTTP headers.
How do I fix CVE-2011-3285?
To remediate CVE-2011-3285, update your Cisco Adaptive Security Appliance to a patched software version recommended by Cisco.
What devices are affected by CVE-2011-3285?
CVE-2011-3285 affects Cisco Adaptive Security Appliances (ASA) 5500 series devices running software versions 8.0 through 8.4.
What kind of attacks can CVE-2011-3285 allow?
CVE-2011-3285 can enable attackers to conduct HTTP response splitting attacks.
Is there a workaround for CVE-2011-3285?
There are no documented workarounds for CVE-2011-3285; the recommended solution is to apply the appropriate software patch.

collector/nvd-historical
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/last-modified-date
agent/weakness
agent/type
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
agent/author
vendor/cisco
canonical/cisco adaptive security appliance software
version/cisco adaptive security appliance software/8.0
version/cisco adaptive security appliance software/8.0\(2\)
version/cisco adaptive security appliance software/8.0\(3\)
version/cisco adaptive security appliance software/8.0\(4\)
version/cisco adaptive security appliance software/8.0\(5\)
version/cisco adaptive security appliance software/8.0.2
version/cisco adaptive security appliance software/8.0.3
version/cisco adaptive security appliance software/8.0.4
version/cisco adaptive security appliance software/8.0.5
version/cisco adaptive security appliance software/8.1
version/cisco adaptive security appliance software/8.2\(1\)
version/cisco adaptive security appliance software/8.2\(2\)
version/cisco adaptive security appliance software/8.2\(3\)
version/cisco adaptive security appliance software/8.2\(3.9\)
version/cisco adaptive security appliance software/8.2\(4\)
version/cisco adaptive security appliance software/8.2\(4.1\)
version/cisco adaptive security appliance software/8.2\(4.4\)
version/cisco adaptive security appliance software/8.2\(5\)
version/cisco adaptive security appliance software/8.2.1
version/cisco adaptive security appliance software/8.2.2
version/cisco adaptive security appliance software/8.2.2-interim
version/cisco adaptive security appliance software/8.2.3
version/cisco adaptive security appliance software/8.3\(1\)
version/cisco adaptive security appliance software/8.3\(2\)
version/cisco adaptive security appliance software/8.3.1
version/cisco adaptive security appliance software/8.3.1-interim
version/cisco adaptive security appliance software/8.3.2
version/cisco adaptive security appliance software/8.4
version/cisco adaptive security appliance software/8.4\(1\)
version/cisco adaptive security appliance software/8.4\(1.11\)
version/cisco adaptive security appliance software/8.4\(2\)
version/cisco adaptive security appliance software/8.4\(2.11\)
canonical/cisco adaptive security appliance 5500