CVE-2020-3246

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.
Configurations

Configuration 1

cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*

Information

Published : 2020-05-06 05:15

Updated : 2020-05-12 05:34


NVD link : CVE-2020-3246

Mitre link : CVE-2020-3246

Products Affected
No products.
CWE