Cisco Application-Hosting Framework HTTP Header Injection Vulnerability
A vulnerability in the Cisco Application-hosting Framework (CAF) component for Cisco IOS and IOS XE Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a CAF user to download a file controlled by the attacker.The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted HTTP headers into the communication path between the user and CAF. An exploit could allow the attacker to force the user to download a file controlled by the attacker.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2cVbm3m
A vulnerability in the Cisco Application-hosting Framework (CAF) component for Cisco IOS and IOS XE Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a CAF user to download a file controlled by the attacker.The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting crafted HTTP headers into the communication path between the user and CAF. An exploit could allow the attacker to force the user to download a file controlled by the attacker.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2cVbm3m
Security Impact Rating: Medium
CVE: CVE-2016-6412
from Cisco Security Advisory http://ift.tt/2cVbm3m