Описание
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-0624
- http://packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.html
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624
- http://www.securityfocus.com/bid/72702
- http://www.securitytracker.com/id/1031781
- http://www.securitytracker.com/id/1031782
Связанные уязвимости
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.