CVE-2015-0733 — MEDIUM (4.3)

Vulnerability Description

CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Headend Digital Broadband Delivery System	-

Related Weaknesses (CWE)

CWE-113

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=38863Vendor Advisory
http://www.securitytracker.com/id/1032445Third Party AdvisoryVDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=38863Vendor Advisory
http://www.securitytracker.com/id/1032445Third Party AdvisoryVDB Entry

FAQ

What is CVE-2015-0733?

CVE-2015-0733 is a vulnerability with a CVSS score of 4.3 (MEDIUM). CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP ...

How severe is CVE-2015-0733?

CVE-2015-0733 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0733?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Headend Digital Broadband Delivery System.