Unrated severityNVD Advisory· Published Jul 6, 2010· Updated Apr 29, 2026

CVE-2010-1576

Description

The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.

Affected products

Cisco Systems, Inc./Content Services Switch 115005 versions
cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*range: <=8.20.3.03
- cpe:2.3:h:cisco:content_services_switch_11500:8.20.0.01:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:content_services_switch_11500:08.20.1.01:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:content_services_switch_11500:8.20.1.01:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:content_services_switch_11500:8.20.2.01:*:*:*:*:*:*:*
Cisco Systems, Inc./Ace 47103 versions
cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*range: <=a3\(2.5\)
- cpe:2.3:h:cisco:ace_4710:a1\(2.0\):*:*:*:*:*:*:*
- cpe:2.3:h:cisco:ace_4710:a1\(8.0\):*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000