Test Kennung:	1.3.6.1.4.1.25623.1.0.106456
Kategorie:	CISCO
Titel:	Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability
Zusammenfassung:	A vulnerability in the Decrypt for End-User Notification configuration;parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote;attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even;if the WSA is configured to block connections to the website.
Beschreibung:	Summary: A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Vulnerability Insight: The vulnerability is due to incomplete input validation of HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. Vulnerability Impact: A successful exploit could allow the attacker to connect to a website that should be blocked. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9212 BugTraq ID: 94774 http://www.securityfocus.com/bid/94774 http://www.securitytracker.com/id/1037410
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.