How severe is CVE-2017-12309?

CVE-2017-12309 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2017-12309

Name: email_security_appliance_firmware
Author: cisco

5.3MEDIUM

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the

发布于: 11/16/2017更新于: 4/20/2025

描述

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705.

AI分析AI驱动

受影响产品

ciscoemail_security_appliance_firmware

10.0.2-020

ciscoemail_security_appliance_firmware

11.0.0-105

参考资料

http://www.securityfocus.com/bid/101928
Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039831
Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa
Vendor Advisory
http://www.securityfocus.com/bid/101928
Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039831
Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa
Vendor Advisory