Lucene search

[email protected]NVD:CVE-2015-0733

HistoryMay 30, 2015 - 2:59 p.m.

CVE-2015-0733

2015-05-3014:59:00

CWE-113

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580.

Affected configurations

Nvd

Node

ciscoheadend_digital_broadband_delivery_systemMatch-

VendorProductVersionCPE
ciscoheadend_digital_broadband_delivery_system-cpe:2.3:o:cisco:headend_digital_broadband_delivery_system:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	headend_digital_broadband_delivery_system	-	cpe:2.3:o:cisco:headend_digital_broadband_delivery_system:-:::::::*

References

tools.cisco.com/security/center/viewAlert.x?alertId=38863

www.securitytracker.com/id/1032445

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Related for NVD:CVE-2015-0733

cvelist1 prion1 cve1 cisco1