Lucene search

[email protected]CVE-2015-0624

HistoryFeb 21, 2015 - 11:59 a.m.

CVE-2015-0624

2015-02-2111:59:02

CWE-20

[email protected]

web.nvd.nist.gov

cisco

asyncos

email security appliance

content security management appliance

web security appliance

cve-2015-0624

nvd

bug ids

cscur44412

cscur44415

cscur89630

cscur89636

cscur89633

cscur89639

http header

redirect

security vulnerability

information security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

JSON

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

Affected configurations

NVD

Node

ciscocontent_security_management_applianceMatch-

ciscoweb_security_applianceMatch-

ciscoemail_security_appliance_firmwareMatch-

CPENameOperatorVersion
cisco:content_security_management_appliancecisco content security management applianceeq-
cisco:web_security_appliancecisco web security applianceeq-
cisco:email_security_appliance_firmwarecisco email security appliance firmwareeq-

CPE	Name	Operator	Version
cisco:content_security_management_appliance	cisco content security management appliance	eq	-
cisco:web_security_appliance	cisco web security appliance	eq	-
cisco:email_security_appliance_firmware	cisco email security appliance firmware	eq	-