Lucene search
K

4 matches found

0day.today
0day.today
added 2015/02/26 12:0 a.m.61 views

Cisco Ironport AsyncOS HTTP Header Injection Vulnerability

Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability. Cisco Ironport AsyncOS HTTP Header Injection Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.0.1-023 Cisco Ironport WSA - AsyncOS 8.5.5-021 Cisco Ironport SMA - AsyncO...

4.3CVSS6.9AI score0.02157EPSS
Exploits3
Packet Storm
Packet Storm
added 2015/02/25 12:0 a.m.44 views

Cisco Ironport AsyncOS HTTP Header Injection

Cisco Ironport AsyncOS HTTP Header Injection Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.0.1-023 Cisco Ironport WSA - AsyncOS 8.5.5-021 Cisco Ironport SMA - AsyncOS 8.4.0-138 Date: 24/02/2015 Credits: Glafkos Charalambous CVE: CVE-2015-062...

4.3CVSS6.7AI score0.02157EPSS
Exploits3
NVD
NVD
added 2015/02/21 11:59 a.m.25 views

CVE-2015-0624

The web framework in Cisco AsyncOS on Email Security Appliance ESA, Content Security Management Appliance SMA, and Web Security Appliance WSA devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and...

4.3CVSS6.6AI score0.02157EPSS
Exploits3References5
CVE
CVE
added 2015/02/21 11:0 a.m.58 views

CVE-2015-0624

Cisco AsyncOS web framework on ESA, SMA, and WSA is vulnerable to an HTTP header injection flaw due to insufficient validation of header values (notably Host/X-Forwarded-Host). A remote attacker can trigger redirects to arbitrary URLs by sending crafted HTTP headers, potentially aided by publicly...

4.3CVSS6.8AI score0.02157EPSS
Exploits3References5Affected Software3
Rows per page
Query Builder