Vigil@nce - Cisco Web Security Appliance: injecting HTTP headers
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can inject HTTP headers to deceive a user of Cisco
Web Security Appliance and redirect them to a malicious site.
Impacted products: AsyncOS, IronPort Web, Cisco WSA
Severity: 1/4
Creation date: 02/04/2014
DESCRIPTION OF THE VULNERABILITY
The Cisco Web Security Appliance product offers a web service.
However, an attacker can inject HTTP headers to redirect the
victim, with no warning, to an external site chosen by the
attacker.
An attacker can therefore inject HTTP headers to deceive a user
of Cisco Web Security Appliance and redirect them to a
malicious site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Web-Security-Appliance-injecting-HTTP-headers-14511