Lucene search

K

[email protected]NVD:CVE-2015-0624

HistoryFeb 21, 2015 - 11:59 a.m.

CVE-2015-0624

2015-02-2111:59:02

CWE-20

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

Affected configurations

NVD

Node

ciscocontent_security_management_applianceMatch-

OR

ciscoweb_security_applianceMatch-

OR

ciscoemail_security_appliance_firmwareMatch-

References

packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.html

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624

www.securityfocus.com/bid/72702

www.securitytracker.com/id/1031781

www.securitytracker.com/id/1031782

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

Related for NVD:CVE-2015-0624

packetstorm1 zdt1 cve1 cisco1 prion1 cvelist1