CISCO : Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105353

Categoría: CISCO

Título: Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability

Resumen: Cisco Web Security Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are not available.

Descripción: Summary:
Cisco Web Security Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are not available.

Vulnerability Insight:
The vulnerability is due to the improper handling of a malformed HTTP server responses. An unauthenticated, remote attacker with a privileged network position could
exploit the vulnerability by conducting a man-in-the-middle (MitM) attack and supplying malformed HTTP server responses to the vulnerable device. A successful exploit could allow the attacker to cause
the device to improperly close TCP connections and fail to free memory resources, resulting in a partial DoS condition.

Vulnerability Impact:
An unauthenticated, remote attacker could exploit this vulnerability to cause a DoS condition on the targeted device.

Affected Software/OS:
Cisco WSA version 8.0.7-151

Solution:
No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-6290
BugTraq ID: 76687
http://www.securityfocus.com/bid/76687
Cisco Security Advisory: 20150909 Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40896
http://www.securitytracker.com/id/1033530

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105353
Categoría:	CISCO
Título:	Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability
Resumen:	Cisco Web Security Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are not available.
Descripción:	Summary: Cisco Web Security Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are not available. Vulnerability Insight: The vulnerability is due to the improper handling of a malformed HTTP server responses. An unauthenticated, remote attacker with a privileged network position could exploit the vulnerability by conducting a man-in-the-middle (MitM) attack and supplying malformed HTTP server responses to the vulnerable device. A successful exploit could allow the attacker to cause the device to improperly close TCP connections and fail to free memory resources, resulting in a partial DoS condition. Vulnerability Impact: An unauthenticated, remote attacker could exploit this vulnerability to cause a DoS condition on the targeted device. Affected Software/OS: Cisco WSA version 8.0.7-151 Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6290 BugTraq ID: 76687 http://www.securityfocus.com/bid/76687 Cisco Security Advisory: 20150909 Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=40896 http://www.securitytracker.com/id/1033530
Copyright	Copyright (C) 2015 Greenbone AG