Unrated severityNVD Advisory· Published Jul 6, 2010· Updated Apr 29, 2026

CVE-2010-2629

Description

The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.

Affected products

Cisco Systems, Inc./Content Services Switch 115005 versions
cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*range: <=8.20.3.03
- cpe:2.3:h:cisco:content_services_switch_11500:8.20.0.01:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:content_services_switch_11500:08.20.1.01:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:content_services_switch_11500:8.20.1.01:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:content_services_switch_11500:8.20.2.01:*:*:*:*:*:*:*
Cisco Systems, Inc./Ace 47103 versions
cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*range: <=a3\(2.5\)
- cpe:2.3:h:cisco:ace_4710:a1\(2.0\):*:*:*:*:*:*:*
- cpe:2.3:h:cisco:ace_4710:a1\(8.0\):*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000