Sign-up

ID

VAR-201310-0539


CVE

CVE-2013-5512


TITLE

Cisco Adaptive Security Appliance Software HTTP Deep Packet Inspection Service disruption in functionality (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004647

DESCRIPTION

Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.5), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.4), 9.0.x before 9.0(1.4), and 9.1.x before 9.1(1.2), in certain conditions involving the spoof-server option or ActiveX or Java response inspection, allows remote attackers to cause a denial of service (device reload) via a crafted HTTP response, aka Bug ID CSCud37992. Vendors have confirmed this vulnerability Bug ID CSCud37992 It is released as.Skillfully crafted by a third party HTTP Service disruption via response ( Device reload ) There is a possibility of being put into a state. Cisco Adaptive Security Appliance Software is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to reload an affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCud37992. Cisco Adaptive Security Appliance Software prior to 8.2(5.46), 8.3(2.39), 8.4(5.6), 8.5(1.18), 8.6(1.12), 8.7(1.4), 9.0(1.4), and 9.1(1.2) are vulnerable. The vulnerability stems from the fact that the HTTP DPI engine does not properly handle race conditions when inspecting HTTP packets. Successful exploitation of this vulnerability requires the spoof-server parameter option to be enabled or the Cisco ASA software configured to detect and block HTTP responses containing active-x or java-applet. x version, 8.6.x version before 8.6(1.12), 8.7.x version before 8.7(1.4), 9.0.x version before 9.0(1.4), 9.1.x version before 9.1(1.2)

Trust: 1.98

sources: NVD: CVE-2013-5512 // JVNDB: JVNDB-2013-004647 // BID: 62916 // VULHUB: VHN-65514

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6\(1.3\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(4\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.5

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(4.1\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.5\(1\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(5\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(5.38\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(5.35\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.5\(1.17\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(4.4\)

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4\(1\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4\(3\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6\(1\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(1\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4\(5\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6\(1.10\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4\(4.11\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4\(2\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3\(2\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4\(1.11\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.7\(1.3\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3\(2.37\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(2\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3\(2.34\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(3\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2\(3.9\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4\(2.11\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3\(1\)

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:8.5.x

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3(2.39)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:8.6.x

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2(5.46)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.5(1.18)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:8.x

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4(5.5)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:8.4.x

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1(1.2)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:8.7.x

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.0.x

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6(1.12)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.1.x

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0(1.4)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:8.3.x

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.7(1.4)

Trust: 0.8

sources: JVNDB: JVNDB-2013-004647 // CNNVD: CNNVD-201310-240 // NVD: CVE-2013-5512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5512
value: HIGH

Trust: 1.0

NVD: CVE-2013-5512
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201310-240
value: HIGH

Trust: 0.6

VULHUB: VHN-65514
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-5512
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65514
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65514 // JVNDB: JVNDB-2013-004647 // CNNVD: CNNVD-201310-240 // NVD: CVE-2013-5512

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-65514 // JVNDB: JVNDB-2013-004647 // NVD: CVE-2013-5512

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-240

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201310-240

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004647

PATCH
title:cisco-sa-20131009-asaurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
Trust: 0.8
title:HTTP Deep Packet Inspection Denial of Service Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5512
Trust: 0.8
title:31104url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31104
Trust: 0.8
title:cisco-sa-20131009-asaurl:http://www.cisco.com/cisco/web/support/JP/111/1119/1119989_cisco-sa-20131009-asa-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004647

EXTERNAL IDS
db:NVDid:CVE-2013-5512
Trust: 2.8
db:JVNDBid:JVNDB-2013-004647
Trust: 0.8
db:CNNVDid:CNNVD-201310-240
Trust: 0.7
db:CISCOid:20131009 MULTIPLE VULNERABILITIES IN CISCO ASA SOFTWARE
Trust: 0.6
db:BIDid:62916
Trust: 0.4
db:VULHUBid:VHN-65514
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65514 // 
            
            
            
            BID: 62916 // 
            
            
            
            JVNDB: JVNDB-2013-004647 // 
            
            
            
            CNNVD: CNNVD-201310-240 // 
            
            
            
            NVD: CVE-2013-5512

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131009-asa
Trust: 2.0
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5512
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5512
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5512
Trust: 0.8
url:http://tools.cisco.com/security/center/viewalert.x?alertid=31104
Trust: 0.3
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65514 // 
            
            
            
            BID: 62916 // 
            
            
            
            JVNDB: JVNDB-2013-004647 // 
            
            
            
            CNNVD: CNNVD-201310-240 // 
            
            
            
            NVD: CVE-2013-5512

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62916

SOURCES
db:VULHUBid:VHN-65514
db:BIDid:62916
db:JVNDBid:JVNDB-2013-004647
db:CNNVDid:CNNVD-201310-240
db:NVDid:CVE-2013-5512

LAST UPDATE DATE
2024-11-23T21:45:31.171000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65514date:2016-11-01T00:00:00
db:BIDid:62916date:2013-10-09T00:00:00
db:JVNDBid:JVNDB-2013-004647date:2014-01-10T00:00:00
db:CNNVDid:CNNVD-201310-240date:2013-11-01T00:00:00
db:NVDid:CVE-2013-5512date:2024-11-21T01:57:37.150

SOURCES RELEASE DATE
db:VULHUBid:VHN-65514date:2013-10-13T00:00:00
db:BIDid:62916date:2013-10-09T00:00:00
db:JVNDBid:JVNDB-2013-004647date:2013-10-16T00:00:00
db:CNNVDid:CNNVD-201310-240date:2013-10-17T00:00:00
db:NVDid:CVE-2013-5512date:2013-10-13T10:20:04.350