A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack.
This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses.
Metrics
Affected Vendors & Products
References
History
Fri, 25 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2022-11-03T19:32:24.728Z
Updated: 2024-10-25T16:04:54.024Z
Reserved: 2021-11-02T13:28:29.103Z
Link: CVE-2022-20772
Vulnrichment
Updated: 2024-08-03T02:24:49.623Z
NVD
Status : Modified
Published: 2022-11-04T18:15:10.843
Modified: 2024-11-21T06:43:31.557
Link: CVE-2022-20772
Redhat
No data.