exploitDog

CVE-2013-5537

Опубликовано: 24 окт. 2013

Источник: nvd

CVSS2: 7.8

EPSS Низкий

Описание

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5537
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5537
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00393

Низкий

7.8 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-pmxm-xgr9-jvfw

github

больше 3 лет назад

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635.

EPSS

Процентиль: 60%

0.00393

Низкий

7.8 High

CVSS2

Дефекты

CWE-20