CISCO : Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.105353

Kategorie: CISCO

Titel: Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability

Zusammenfassung: Cisco Web Security Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are not available.

Beschreibung: Summary:
Cisco Web Security Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are not available.

Vulnerability Insight:
The vulnerability is due to the improper handling of a malformed HTTP server responses. An unauthenticated, remote attacker with a privileged network position could
exploit the vulnerability by conducting a man-in-the-middle (MitM) attack and supplying malformed HTTP server responses to the vulnerable device. A successful exploit could allow the attacker to cause
the device to improperly close TCP connections and fail to free memory resources, resulting in a partial DoS condition.

Vulnerability Impact:
An unauthenticated, remote attacker could exploit this vulnerability to cause a DoS condition on the targeted device.

Affected Software/OS:
Cisco WSA version 8.0.7-151

Solution:
No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-6290
BugTraq ID: 76687
http://www.securityfocus.com/bid/76687
Cisco Security Advisory: 20150909 Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40896
http://www.securitytracker.com/id/1033530

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.105353
Kategorie:	CISCO
Titel:	Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability
Zusammenfassung:	Cisco Web Security Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are not available.
Beschreibung:	Summary: Cisco Web Security Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are not available. Vulnerability Insight: The vulnerability is due to the improper handling of a malformed HTTP server responses. An unauthenticated, remote attacker with a privileged network position could exploit the vulnerability by conducting a man-in-the-middle (MitM) attack and supplying malformed HTTP server responses to the vulnerable device. A successful exploit could allow the attacker to cause the device to improperly close TCP connections and fail to free memory resources, resulting in a partial DoS condition. Vulnerability Impact: An unauthenticated, remote attacker could exploit this vulnerability to cause a DoS condition on the targeted device. Affected Software/OS: Cisco WSA version 8.0.7-151 Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6290 BugTraq ID: 76687 http://www.securityfocus.com/bid/76687 Cisco Security Advisory: 20150909 Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=40896 http://www.securitytracker.com/id/1033530
Copyright	Copyright (C) 2015 Greenbone AG