Cisco Application Control Engine (ACE) - HTTP Parsing Security
| EKU-ID: 38734 | CVE: | OSVDB-ID: |
| Author: Alexis Tremblay | Published: 2010-05-07 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 38734 | CVE: | OSVDB-ID: |
| Author: Alexis Tremblay | Published: 2010-05-07 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/40002/info Cisco Application Control Engine (ACE) is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries. Attackers can exploit this issue to avoid having client IP addresses logged by servers. GET / HTTP / 1 . 1 HOST: Myserver.com CONNECTION: KEEP-ALIVE GET / HTTP/1.1 HOST: Myserver.com CONNECTION: KEEP-ALIVE