Details of VAR-201605-0558

ID

VAR-201605-0558

CVE

CVE-2016-1383

TITLE

Cisco Web Security Runs on the appliance device AsyncOS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002924

DESCRIPTION

Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305. Cisco AsyncOS for Cisco Web Security Appliance is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCur28305. The vulnerability is caused by not releasing the connection memory and system file descriptors of the client and server when the program receives a specific HTTP response code

Trust: 1.98

sources: NVD: CVE-2016-1383 // JVNDB: JVNDB-2016-002924 // BID: 90744 // VULHUB: VHN-90202

AFFECTED PRODUCTS

vendor:	cisco	model:	web security appliance \	scope:	eq	version:	6.0.0-000	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	7.5.2-000	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	7.7.0-000	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.5.2-027	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.0.0-000	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	7.5.0-825	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	7.5.0-000	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.5.0.000	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.5.1-021	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.0.7-142	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.5.0-497	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	7.1.3	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.5.2-024	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	7.1.4	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.0.5	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	7.1.2	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	7.7.1-000	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.5.3-055	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.0.8-mr-113	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	5.6.0-623	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.0.6-078	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	8.0.6-119	Trust: 1.0
vendor:	cisco	model:	web security appliance \	scope:	eq	version:	7.5.1-000	Trust: 1.0
vendor:	cisco	model:	web security the appliance	scope:	lte	version:	8.8	Trust: 0.8
vendor:	cisco	model:	web security appliance	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	asyncos	scope:	eq	version:	7.5	Trust: 0.3
vendor:	cisco	model:	asyncos	scope:	eq	version:	7.1.5-026	Trust: 0.3
vendor:	cisco	model:	asyncos	scope:	eq	version:	7.1.3-010	Trust: 0.3

sources: BID: 90744 // JVNDB: JVNDB-2016-002924 // CNNVD: CNNVD-201605-462 // NVD: CVE-2016-1383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1383
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1383
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201605-462
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90202
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1383
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90202
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1383
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90202 // JVNDB: JVNDB-2016-002924 // CNNVD: CNNVD-201605-462 // NVD: CVE-2016-1383

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-90202 // JVNDB: JVNDB-2016-002924 // NVD: CVE-2016-1383

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-462

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201605-462

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002924

PATCH

title:	cisco-sa-20160518-wsa4	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa4	Trust: 0.8
title:	Cisco Web Security Appliance AsyncOS Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61776	Trust: 0.6

sources: JVNDB: JVNDB-2016-002924 // CNNVD: CNNVD-201605-462

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1383	Trust: 2.8
db:	SECTRACK	id:	1035911	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-002924	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-462	Trust: 0.7
db:	BID	id:	90744	Trust: 0.4
db:	VULHUB	id:	VHN-90202	Trust: 0.1

sources: VULHUB: VHN-90202 // BID: 90744 // JVNDB: JVNDB-2016-002924 // CNNVD: CNNVD-201605-462 // NVD: CVE-2016-1383

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160518-wsa4	Trust: 1.4
url:	http://www.securitytracker.com/id/1035911	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1383	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1383	Trust: 0.8
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160518-wsa4/	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-90202 // BID: 90744 // JVNDB: JVNDB-2016-002924 // CNNVD: CNNVD-201605-462 // NVD: CVE-2016-1383

CREDITS

Cisco

Trust: 0.3

sources: BID: 90744

SOURCES

db:	VULHUB	id:	VHN-90202
db:	BID	id:	90744
db:	JVNDB	id:	JVNDB-2016-002924
db:	CNNVD	id:	CNNVD-201605-462
db:	NVD	id:	CVE-2016-1383

LAST UPDATE DATE

2024-11-23T22:59:29.212000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90202	date:	2016-12-01T00:00:00
db:	BID	id:	90744	date:	2016-05-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-002924	date:	2016-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201605-462	date:	2016-05-25T00:00:00
db:	NVD	id:	CVE-2016-1383	date:	2024-11-21T02:46:20.400

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90202	date:	2016-05-25T00:00:00
db:	BID	id:	90744	date:	2016-05-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-002924	date:	2016-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201605-462	date:	2016-05-19T00:00:00
db:	NVD	id:	CVE-2016-1383	date:	2016-05-25T01:59:07.177