ID
VAR-201511-0008
CVE
CVE-2015-6293
TITLE
Cisco Web Security Runs on the appliance device AsyncOS Service disruption in (DoS) Vulnerabilities
Trust: 0.8
DESCRIPTION
Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur39155. Vendors have confirmed this vulnerability Bug ID CSCur39155 It is released as.Multiple third parties file-range Service disruption via request ( Memory consumption ) There is a possibility of being put into a state. The Cisco AsyncOS operating system enhances the security and performance of Cisco Email Security appliances. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCur39155 and CSCuu29304. The following releases are affected: Cisco AsyncOS 8.x prior to 8.0.8-113, 8.1.x and 8.5.x prior to 8.5.3-051, 8.6.x and 8.7.x prior to 8.7.0-171-LD Version, 8.8.x version before 8.8.0-085
Trust: 2.61
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.0.6 | Trust: 1.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.0.0-000 | Trust: 1.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.0.8-mr-113 | Trust: 1.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.0.6-078 | Trust: 1.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.5.2-024 | Trust: 1.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.0.5 | Trust: 1.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.0.7-142 | Trust: 1.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.5.0-497 | Trust: 1.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.5.0.000 | Trust: 1.6 |
| vendor: | cisco | model: | asyncos | scope: | lt | version: | 8.7.x | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.5.3-051 | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | lt | version: | 8.x | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.8.0-085 | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.7.0-171-ld | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | lt | version: | 8.5.x | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.1.x | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | lt | version: | 8.8.x | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.6.x | Trust: 0.8 |
| vendor: | cisco | model: | web security the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.0.8-113 | Trust: 0.8 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.x(<8.0.8-113) | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.1.x | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.5.x(<8.5.3-051) | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.6.x | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.7.x | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 8.8.x(<8.8.0-085) | Trust: 0.6 |
| vendor: | cisco | model: | web security appliance | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 9.0 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.8 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.6 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.5 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.1 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos | scope: | eq | version: | 8.0 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos | scope: | ne | version: | 8.8.0-085 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos 8.7.0-171-ld | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | asyncos | scope: | ne | version: | 8.5.3-051 | Trust: 0.3 |
| vendor: | cisco | model: | asyncos | scope: | ne | version: | 8.0.8-113 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-399 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
resource management error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20151104-wsa2 | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa2 | Trust: 0.8 |
| title: | Patch for Cisco AsyncOS Denial of Service Vulnerability (CNVD-2015-07405) | url: | https://www.cnvd.org.cn/patchInfo/show/66477 | Trust: 0.6 |
| title: | Cisco Web Security Appliance AsyncOS Remediation of resource management error vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58597 | Trust: 0.6 |
| title: | Cisco: Cisco Web Security Appliance Range Request Denial of Service Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151104-wsa2 | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-6293 | Trust: 3.5 |
| db: | SECTRACK | id: | 1034063 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2015-005767 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201511-101 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-07405 | Trust: 0.6 |
| db: | BID | id: | 77438 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-84254 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2015-6293 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151104-wsa2 | Trust: 2.8 |
| url: | http://www.securitytracker.com/id/1034063 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6293 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6293 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/399.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2015-07405 |
| db: | VULHUB | id: | VHN-84254 |
| db: | VULMON | id: | CVE-2015-6293 |
| db: | BID | id: | 77438 |
| db: | JVNDB | id: | JVNDB-2015-005767 |
| db: | CNNVD | id: | CNNVD-201511-101 |
| db: | NVD | id: | CVE-2015-6293 |
LAST UPDATE DATE
2024-11-23T22:07:57.554000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-07405 | date: | 2015-11-10T00:00:00 |
| db: | VULHUB | id: | VHN-84254 | date: | 2016-12-07T00:00:00 |
| db: | VULMON | id: | CVE-2015-6293 | date: | 2016-12-07T00:00:00 |
| db: | BID | id: | 77438 | date: | 2015-11-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-005767 | date: | 2015-11-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-101 | date: | 2015-11-13T00:00:00 |
| db: | NVD | id: | CVE-2015-6293 | date: | 2024-11-21T02:34:43.110 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-07405 | date: | 2015-11-10T00:00:00 |
| db: | VULHUB | id: | VHN-84254 | date: | 2015-11-06T00:00:00 |
| db: | VULMON | id: | CVE-2015-6293 | date: | 2015-11-06T00:00:00 |
| db: | BID | id: | 77438 | date: | 2015-11-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-005767 | date: | 2015-11-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-101 | date: | 2015-11-09T00:00:00 |
| db: | NVD | id: | CVE-2015-6293 | date: | 2015-11-06T03:59:02.497 |