Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).
References
Link | Resource |
---|---|
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
History
10 Feb 2021, 19:30
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-444 | |
CPE | cpe:2.3:h:huawei:taurus-al00a:-:*:*:*:*:*:*:* cpe:2.3:a:huawei:manageone:6.5.1.1:rc2:*:*:*:*:*:* cpe:2.3:a:huawei:manageone:6.5.1.1:rc1:*:*:*:*:*:* cpe:2.3:a:huawei:manageone:6.5.1.1:-:*:*:*:*:*:* cpe:2.3:o:huawei:taurus-al00a_firmware:10.0.0.1\(c00e1r1p1\):*:*:*:*:*:*:* cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:* cpe:2.3:a:huawei:manageone:6.5.1.1:spc100:*:*:*:*:*:* cpe:2.3:a:huawei:campusinsight:v100r019c10:*:*:*:*:*:*:* cpe:2.3:a:huawei:manageone:8.0.0:rc2:*:*:*:*:*:* |
|
References | (CONFIRM) https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en - Vendor Advisory |
06 Feb 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-06 03:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-22293
Mitre link : CVE-2021-22293
CVE.ORG link : CVE-2021-22293
JSON object : View
Products Affected
huawei
- taurus-al00a
- taurus-al00a_firmware
- manageone
- campusinsight
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')