CVE-2016-6469

Опубликовано: 14 дек. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010.

Ссылки

http://www.securityfocus.com/bid/94775
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa
Vendor Advisory
http://www.securityfocus.com/bid/94775
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:web_security_appliance:9.0.1-162:*:*:*:*:*:*:*

cpe:2.3:a:cisco:web_security_appliance:9.1.1-074:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00992

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-399

Связанные уязвимости

GHSA-jrr4-mgvr-2jhm