CVE-2014-2137

Public PoC / Exploit

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.

Weaknesses (CWE)

CWE-20

Affected Products (9)

cisco · web_security_virtual_appliancevulnerable

cisco · web_security_appliancevulnerable

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2137

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=33608

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2137

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=33608

Vendor Advisory