Описание
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.
Уязвимые конфигурации
EPSS
4.7 Medium
CVSS3
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.
Уязвимость облачного сервиса безопасности Cisco Umbrella, связанная с недостатками процедуры нейтрализации особых элементов в выходных данных, используемых входящим компонентом, позволяющая нарушителю выполнить произвольный код с помощью специально подготовленного URL
EPSS
4.7 Medium
CVSS3
4.3 Medium
CVSS3
4.3 Medium
CVSS2