CVE-2016-6469 - A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could al

CVE-2016-6469

Summary

A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010.

References

Vulnerable Configurations

cpe:2.3:a:cisco:web_security_appliance:9.0.1-162:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_appliance:9.0.1-162:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_appliance:9.1.1-074:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_appliance:9.1.1-074:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 05-01-2017 - 13:35)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	94775
confirm	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa

Last major update

05-01-2017 - 13:35

Published

14-12-2016 - 00:59

Last modified

05-01-2017 - 13:35