| Cisco Headend System Bugs Let Remote Users Conduct HTTP Response Splitting and Denial of Service Attacks |
| SecurityTracker Alert ID: 1032445 |
| SecurityTracker URL: http://securitytracker.com/id/1032445 |
| CVE Reference: CVE-2015-0733, CVE-2015-0743, CVE-2015-0744, CVE-2015-0745 |
| Date: Jun 2 2015 |
| Impact: |
| Vendor Confirmed: Yes |
| |
| Description: Multiple vulnerabilities were reported in Cisco Headend System. A remote user can cause denial of service conditions on the target system. A remote user can conduct HTTP response splitting attacks. A remote user can send a specially crafted HTTP request header value to download potentially sensitive temporary script files [CVE-2015-0745]. The vendor has assigned bug ID CSCus44909 to this vulnerability. The HTTP Header Handler does not properly validate user-supplied input. A remote user can submit a specially crafted URL to cause the target server to return a split response [CVE-2015-0733]. A remote user can exploit this to spoof content on the target server, attempt to poison any intermediate web caches, or conduct cross-site scripting attacks. The vendor has assigned bug ID CSCur25580 to this vulnerability. A remote user can send specially crafted UDP packets to the TFTP and DHCP services to cause the TFTP and DHCP listening ports to go offline for a period of time [CVE-2015-0743]. The vendor has assigned bug ID CSCus04097 to this vulnerability. A remote user can send a flood of TCP SYN messages to exploit the lack of rate limiting in the TCP listener application, blocking TCP listening ports and consuming excessive CPU and memory resources [CVE-2015-0744]. The vendor has assigned bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus68315 to this vulnerability. |
| Impact: A remote user can cause denial of service conditions. A remote user can create a URL that, when loaded by the target user, will cause arbitrary content to be displayed. A remote user may be able to poison any intermediate web caches with arbitrary content. |
| Solution: No solution was available at the time of this entry. The vendor's advisories are available at: http://tools.cisco.com/security/center/viewAlert.x?alertId=38944 http://tools.cisco.com/security/center/viewAlert.x?alertId=38863 http://tools.cisco.com/security/center/viewAlert.x?alertId=38938 http://tools.cisco.com/security/center/viewAlert.x?alertId=38943 |
| Vendor URL: |
| Cause: |
| Underlying OS: |
| |
| Message History: None. |
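The response splitting issue in the description above (CVE-2015-0733) comes down to an HTTP header handler that copies user-supplied input into a response header without rejecting CR/LF. The following is an added illustration, not Cisco's code and not taken from this advisory: a constructed vulnerable header builder beside a hardened one that refuses control characters, plus a small log-side check that flags request targets whose percent-decoded form contains CR/LF. The function names, the crafted sample value and the sample request targets are all constructed for this example.

```python
"""Added example (not from the advisory or from Cisco): guarding against
HTTP response splitting caused by unvalidated header values."""
import urllib.parse

# Characters that must never appear inside a single HTTP header value.
_FORBIDDEN = "\r\n\0"


def is_safe_header_value(value: str) -> bool:
    """Return True only if the value cannot terminate or split a header."""
    return not any(c in value for c in _FORBIDDEN)


def count_status_lines(raw: bytes) -> int:
    """Rough split detector for a raw response: a single response should
    contain exactly one HTTP/1.1 status line."""
    return raw.count(b"HTTP/1.1 ")


def build_redirect_unsafe(location: str) -> bytes:
    # Constructed vulnerable pattern: the caller-supplied value lands in the
    # Location header verbatim, so CR/LF in it ends the header block early.
    return (
        f"HTTP/1.1 302 Found\r\nLocation: {location}\r\nContent-Length: 0\r\n\r\n"
    ).encode()


def build_redirect_safe(location: str) -> bytes:
    """Hardened form: validate before the value reaches the header."""
    if not is_safe_header_value(location):
        raise ValueError("refusing header value containing CR/LF/NUL")
    return build_redirect_unsafe(location)


def flags_split_attempt(request_target: str) -> bool:
    """Detection over an access-log request target: percent-decode it and
    check whether the decoded text would carry CR/LF into a header."""
    decoded = urllib.parse.unquote(request_target)
    return not is_safe_header_value(decoded)


# Constructed sample input: a value that smuggles a second response.
CRAFTED_LOCATION = (
    "/home\r\nContent-Length: 0\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Length: 8\r\n\r\ninjected"
)

# Constructed sample request targets as they might appear in an access log.
LOG_TARGETS = [
    "/redirect?to=%2Fhome",
    "/redirect?to=%2Fhome%0d%0aX-Injected:%201",
]


if __name__ == "__main__":
    print("unsafe builder, status lines:", count_status_lines(build_redirect_unsafe(CRAFTED_LOCATION)))
    try:
        build_redirect_safe(CRAFTED_LOCATION)
    except ValueError as exc:
        print("safe builder rejected the value:", exc)
    for target in LOG_TARGETS:
        print(target, "->", "suspicious" if flags_split_attempt(target) else "ok")
```

The validation belongs at the point where the value is placed into the header, because a downstream cache or browser sees only the resulting byte stream; the log check is a complement for spotting attempts after the fact, not a substitute for the server-side reject.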