Medium severity5.3NVD Advisory· Published Nov 16, 2017· Updated Jun 17, 2026
CVE-2017-12309
CVE-2017-12309
Description
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.2-020:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.2-020:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:email_security_appliance_firmware:11.0.0-105:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/101928nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039831nvdThird Party AdvisoryVDB Entry
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esanvdVendor Advisory
News mentions
0No linked articles in our index yet.