Total
70 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1383 | 1 Cisco | 2 Web Security Appliance, Web Security Appliance \(wsa\) | 2016-11-30 | 7.8 HIGH | 7.5 HIGH |
Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305. | |||||
CVE-2016-1381 | 1 Cisco | 1 Web Security Appliance | 2016-11-30 | 7.8 HIGH | 7.5 HIGH |
Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270. | |||||
CVE-2016-1380 | 1 Cisco | 1 Web Security Appliance | 2016-11-30 | 7.8 HIGH | 7.5 HIGH |
Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171. | |||||
CVE-2016-1382 | 1 Cisco | 2 Web Security Appliance, Web Security Appliance \(wsa\) | 2016-11-30 | 7.8 HIGH | 7.5 HIGH |
Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529. | |||||
CVE-2016-1405 | 2 Cisco, Clamav | 3 Email Security Appliance, Web Security Appliance, Clamav | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. | |||||
CVE-2015-4288 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance, Web Security Appliance | 2015-07-29 | 4.3 MEDIUM | N/A |
The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. | |||||
CVE-2015-0628 | 1 Cisco | 1 Web Security Appliance | 2015-02-20 | 5.0 MEDIUM | N/A |
The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174. | |||||
CVE-2015-0623 | 1 Cisco | 1 Web Security Appliance | 2015-02-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627. | |||||
CVE-2014-2137 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2014-04-02 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. | |||||
CVE-2013-3383 | 1 Cisco | 2 Ironport Asyncos, Web Security Appliance | 2013-06-27 | 9.0 HIGH | N/A |
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294. |