CVE-2020-3246

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.

Una vulnerabilidad en el servidor web de Cisco Umbrella podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de inyección de tipo carriage return line feed (CRLF) contra un usuario de un servicio afectado. La vulnerabilidad es debido a una comprobación insuficiente de la entrada de usuario. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario para que acceda a una URL diseñada. Una explotación con éxito podría permitir a un atacante inyectar encabezados HTTP arbitrarios dentro de respuestas HTTP válidas enviadas hacia el navegador del usuario.