4 matches found
Cisco Ironport AsyncOS HTTP Header Injection Vulnerability
Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability. Cisco Ironport AsyncOS HTTP Header Injection Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.0.1-023 Cisco Ironport WSA - AsyncOS 8.5.5-021 Cisco Ironport SMA - AsyncO...
Cisco Ironport AsyncOS HTTP Header Injection
Cisco Ironport AsyncOS HTTP Header Injection Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.0.1-023 Cisco Ironport WSA - AsyncOS 8.5.5-021 Cisco Ironport SMA - AsyncOS 8.4.0-138 Date: 24/02/2015 Credits: Glafkos Charalambous CVE: CVE-2015-062...
CVE-2015-0624
The web framework in Cisco AsyncOS on Email Security Appliance ESA, Content Security Management Appliance SMA, and Web Security Appliance WSA devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and...
CVE-2015-0624
Cisco AsyncOS web framework on ESA, SMA, and WSA is vulnerable to an HTTP header injection flaw due to insufficient validation of header values (notably Host/X-Forwarded-Host). A remote attacker can trigger redirects to arbitrary URLs by sending crafted HTTP headers, potentially aided by publicly...