N/A

The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690.

N/A

N/A

Cisco CSS HTTP请求头权限许可和访问控制漏洞

Cisco CSS 11500内容服务交换机是用于为数据中心提供强壮可升级网络服务(4-7层)的负载均衡设备。 装有08.20.1.01版本软件的Cisco内容服务交换机(CSS)11500通过ClientCert-*头传输验证数据，但却不删除客户端提供的ClientCert-*头，远程攻击者可以利用伪造头数据绕过认证，例如伪造一个ClientCert-Subject-CN头。

N/A

N/A