Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0624

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-0624
Last Modified 02 Mar 2015 09:59:54
Published 21 Feb 2015 06:59:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-0624

Summary

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

Vulnerable Systems


References

CISCO - 20150220 Cisco AsyncOS Software HTTP Redirect Vulnerability

SECTRACK - 1031782

SECTRACK - 1031781

BID - 72702

MISC - http://packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.html


Last Updated: 27 May 2016 11:07:57