49094

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html

http://www.nessus.org/plugins/index.php?view=single&id=58950

The version of CiscoWorks Common Services on the remote host has an HTTP response splitting vulnerability.  Common Services is a framework included with several Cisco products.  Input to the 'URL' parameter of Autologin.jsp is not properly sanitized. 

A remote attacker could exploit this by tricking a user into making a malicious request, resulting in the injection of HTTP headers, modification of the HTTP response body, or splitting the HTTP response into multiple responses.

CVE-2011-4237

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

medium