Unrated severityNVD Advisory· Published Jun 29, 2010· Updated Apr 29, 2026

CVE-2008-7257

Description

CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.

Affected products

Cisco Systems, Inc./Asa 5580
cpe:2.3:h:cisco:asa_5580:8.1\(1\):*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/41159nvdExploit
securitytracker.com/idnvd
www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.htmlnvd
www.secureworks.com/ctu/advisories/SWRX-2010-001nvd
www.securityfocus.com/archive/1/512023/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/59850nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.022
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000