7.5

CVE-2010-1575

Exploit
The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoContent Services Switch 11500 Version08.20.1.01
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.69% 0.74
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://osvdb.org/66091
http://securitytracker.com/id?1024167
http://www.securityfocus.com/archive/1/512144/100/0/threaded
http://www.securityfocus.com/bid/41315
http://www.vsecurity.com/resources/advisory/20100702-1/
Exploit