ID

VAR-201310-0520


CVE

CVE-2013-5537


TITLE

Denial-of-service (DoS) vulnerability in the web framework of multiple Cisco security appliances

Trust: 0.8

sources: JVNDB: JVNDB-2013-004877

DESCRIPTION

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. The vendor has published this vulnerability as Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. A third party may be able to cause a denial of service (management GUI outage) via multiple TCP connections. Cisco is the world's leading provider of Internet solutions. A denial of service vulnerability exists in Cisco Appliances. A remote attacker could exploit this vulnerability to render the affected device unresponsive, resulting in a denial of service. This issue is being tracked by Cisco Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. ESA is an email security appliance. Content SMA is a content security management appliance. There is a denial-of-service vulnerability in the GUI function of the web framework. The vulnerability stems from the fact that the program does not properly manage the connection process of HTTP and HTTPS. The following devices are affected: Cisco WSA, ESA, Content SMA.

Trust: 2.52

sources: NVD: CVE-2013-5537 // JVNDB: JVNDB-2013-004877 // CNVD: CNVD-2013-14075 // BID: 63280 // VULHUB: VHN-65539

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-14075

AFFECTED PRODUCTS

vendor: cisco, model: email security appliance, scope: eq, version: -

Trust: 2.2

vendor: cisco, model: web security appliance, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: content security management appliance, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: email security appliance, scope: -, version: -

Trust: 0.8

vendor: cisco, model: web security appliance, scope: -, version: -

Trust: 0.8

vendor: cisco, model: content security management appliance, scope: -, version: -

Trust: 0.8

vendor: cisco, model: web security appliance, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2013-14075 // JVNDB: JVNDB-2013-004877 // CNNVD: CNNVD-201310-610 // NVD: CVE-2013-5537

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5537
value: HIGH

Trust: 1.0

NVD: CVE-2013-5537
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-14075
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201310-610
value: HIGH

Trust: 0.6

VULHUB: VHN-65539
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-5537
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-14075
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65539
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-14075 // VULHUB: VHN-65539 // JVNDB: JVNDB-2013-004877 // CNNVD: CNNVD-201310-610 // NVD: CVE-2013-5537

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-65539 // JVNDB: JVNDB-2013-004877 // NVD: CVE-2013-5537

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-610

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-610

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004877

PATCH

title: Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5537

Trust: 0.8

title: 31434
url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31434

Trust: 0.8

title: Patches for multiple Cisco Appliances denial of service vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/40533

Trust: 0.6

sources: CNVD: CNVD-2013-14075 // JVNDB: JVNDB-2013-004877

EXTERNAL IDS

db: NVD, id: CVE-2013-5537

Trust: 3.4

db: BID, id: 63280

Trust: 1.0

db: JVNDB, id: JVNDB-2013-004877

Trust: 0.8

db: CNNVD, id: CNNVD-201310-610

Trust: 0.7

db: CNVD, id: CNVD-2013-14075

Trust: 0.6

db: CISCO, id: 20131022 CISCO WSA, ESA, AND SMA MANAGEMENT GUI DENIAL OF SERVICE VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-65539

Trust: 0.1

sources: CNVD: CNVD-2013-14075 // VULHUB: VHN-65539 // BID: 63280 // JVNDB: JVNDB-2013-004877 // CNNVD: CNNVD-201310-610 // NVD: CVE-2013-5537

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5537

Trust: 2.3

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5537

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5537

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2013-14075 // VULHUB: VHN-65539 // BID: 63280 // JVNDB: JVNDB-2013-004877 // CNNVD: CNNVD-201310-610 // NVD: CVE-2013-5537

CREDITS

Cisco

Trust: 0.3

sources: BID: 63280

SOURCES

db: CNVD, id: CNVD-2013-14075
db: VULHUB, id: VHN-65539
db: BID, id: 63280
db: JVNDB, id: JVNDB-2013-004877
db: CNNVD, id: CNNVD-201310-610
db: NVD, id: CVE-2013-5537

LAST UPDATE DATE

2024-11-23T22:49:33.652000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-14075, date: 2013-10-25T00:00:00
db: VULHUB, id: VHN-65539, date: 2018-10-30T00:00:00
db: BID, id: 63280, date: 2013-10-24T00:13:00
db: JVNDB, id: JVNDB-2013-004877, date: 2013-10-28T00:00:00
db: CNNVD, id: CNNVD-201310-610, date: 2013-11-01T00:00:00
db: NVD, id: CVE-2013-5537, date: 2024-11-21T01:57:39.720

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-14075, date: 2013-10-25T00:00:00
db: VULHUB, id: VHN-65539, date: 2013-10-24T00:00:00
db: BID, id: 63280, date: 2013-10-22T00:00:00
db: JVNDB, id: JVNDB-2013-004877, date: 2013-10-28T00:00:00
db: CNNVD, id: CNNVD-201310-610, date: 2013-10-28T00:00:00
db: NVD, id: CVE-2013-5537, date: 2013-10-24T10:53:09.897