A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-05-06T16:41:30.545609Z
Updated: 2024-09-17T00:55:36.193Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3246
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-05-06T17:15:12.480
Modified: 2020-05-12T17:34:34.773
Link: CVE-2020-3246
Redhat
No data.