Unrated severityNVD Advisory· Published Apr 2, 2014· Updated May 6, 2026

CVE-2014-2137

Description

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.

Affected products

Cisco Systems, Inc./Web Security Virtual Appliance8 versions
cpe:2.3:a:cisco:web_security_virtual_appliance:7.1.4:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:cisco:web_security_virtual_appliance:7.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_virtual_appliance:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_virtual_appliance:7.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_virtual_appliance:*:*:*:*:*:*:*:*range: <=7.7
- cpe:2.3:a:cisco:web_security_virtual_appliance:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_virtual_appliance:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_virtual_appliance:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:web_security_virtual_appliance:7.1.3:*:*:*:*:*:*:*
Cisco Systems, Inc./Web Security Appliance
cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2137nvdVendor Advisory
tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000