CiscoWorks Common Services HTTP Response Splitting

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.

Synopsis :

The network management framework on the remote web server has an HTTP
response splitting vulnerability.

Description :

The version of CiscoWorks Common Services on the remote host has an
HTTP response splitting vulnerability. Common Services is a framework
included with several Cisco products. Input to the 'URL' parameter of
Autologin.jsp is not properly sanitized.

A remote attacker could exploit this by tricking a user into making a
malicious request, resulting in the injection of HTTP headers,
modification of the HTTP response body, or splitting the HTTP response
into multiple responses.

See also :

Solution :

Refer to the referenced Cisco Bug IDs for more information.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 58950

Bugtraq ID: 53439

CVE ID: CVE-2011-4237