ID de Prueba:	1.3.6.1.4.1.25623.1.0.106456
Categoría:	CISCO
Título:	Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability
Resumen:	A vulnerability in the Decrypt for End-User Notification configuration;parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote;attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even;if the WSA is configured to block connections to the website.
Descripción:	Summary: A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Vulnerability Insight: The vulnerability is due to incomplete input validation of HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. Vulnerability Impact: A successful exploit could allow the attacker to connect to a website that should be blocked. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9212 BugTraq ID: 94774 http://www.securityfocus.com/bid/94774 http://www.securitytracker.com/id/1037410
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.