Details of VAR-201505-0178

ID

VAR-201505-0178

CVE

CVE-2015-0733

TITLE

Cisco Headend System Release of Digital Broadband Delivery System of HTTP Header Handler In CRLF Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002873

DESCRIPTION

CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580. Vendors have confirmed this vulnerability Bug ID CSCur25580 It is released as. Supplementary information : CWE Vulnerability type by CWE-93: Improper Neutralization of CRLF Sequences (CRLF injection ) Has been identified. The system provides content protection, video on demand, and dbd backup and recovery. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust

Trust: 2.52

sources: NVD: CVE-2015-0733 // JVNDB: JVNDB-2015-002873 // CNVD: CNVD-2015-03568 // BID: 74917 // VULHUB: VHN-78679

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03568

AFFECTED PRODUCTS

vendor:	cisco	model:	headend digital broadband delivery system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	headend digital broadband delivery system	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	headend digital broadband delivery system	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2015-03568 // BID: 74917 // JVNDB: JVNDB-2015-002873 // CNNVD: CNNVD-201505-594 // NVD: CVE-2015-0733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0733
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0733
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-03568
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201505-594
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78679
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0733
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03568
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78679
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03568 // VULHUB: VHN-78679 // JVNDB: JVNDB-2015-002873 // CNNVD: CNNVD-201505-594 // NVD: CVE-2015-0733

PROBLEMTYPE DATA

problemtype:	CWE-113	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-78679 // JVNDB: JVNDB-2015-002873 // NVD: CVE-2015-0733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-594

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201505-594

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002873

PATCH

title:	38863	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=38863	Trust: 0.8
title:	Patch for Cisco Headend System Release Digital Broadband Delivery System CRLF Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/59265	Trust: 0.6

sources: CNVD: CNVD-2015-03568 // JVNDB: JVNDB-2015-002873

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0733	Trust: 3.4
db:	SECTRACK	id:	1032445	Trust: 1.1
db:	BID	id:	74917	Trust: 1.0
db:	JVNDB	id:	JVNDB-2015-002873	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-594	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03568	Trust: 0.6
db:	VULHUB	id:	VHN-78679	Trust: 0.1

sources: CNVD: CNVD-2015-03568 // VULHUB: VHN-78679 // BID: 74917 // JVNDB: JVNDB-2015-002873 // CNNVD: CNNVD-201505-594 // NVD: CVE-2015-0733

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38863	Trust: 2.6
url:	http://www.securitytracker.com/id/1032445	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0733	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0733	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-03568 // VULHUB: VHN-78679 // BID: 74917 // JVNDB: JVNDB-2015-002873 // CNNVD: CNNVD-201505-594 // NVD: CVE-2015-0733

CREDITS

Cisco

Trust: 0.3

sources: BID: 74917

SOURCES

db:	CNVD	id:	CNVD-2015-03568
db:	VULHUB	id:	VHN-78679
db:	BID	id:	74917
db:	JVNDB	id:	JVNDB-2015-002873
db:	CNNVD	id:	CNNVD-201505-594
db:	NVD	id:	CVE-2015-0733

LAST UPDATE DATE

2025-04-12T22:59:34.728000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03568	date:	2015-06-04T00:00:00
db:	VULHUB	id:	VHN-78679	date:	2017-01-04T00:00:00
db:	BID	id:	74917	date:	2015-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-002873	date:	2015-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201505-594	date:	2015-06-05T00:00:00
db:	NVD	id:	CVE-2015-0733	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03568	date:	2015-06-04T00:00:00
db:	VULHUB	id:	VHN-78679	date:	2015-05-30T00:00:00
db:	BID	id:	74917	date:	2015-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-002873	date:	2015-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201505-594	date:	2015-05-30T00:00:00
db:	NVD	id:	CVE-2015-0733	date:	2015-05-30T14:59:00.067