264 matches found
CVE-2016-6394
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503...
Session fixation
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503...
CVE-2016-6394
Cisco Firepower Management Center and FireSIGHT System Software (up to version 6.1.0) suffer a session fixation flaw where the application does not assign a new session identifier after authentication, enabling an attacker to hijack a valid user session. Root cause: insecure session handling in t...
CVE-2016-6396
Cisco Firepower Management Center and FireSIGHT System Software before 6.1 are affected by CVE-2016-6396. The issue arises from improper validation of HTTP header fields in the malware blocking/detection features, which could allow an unauthenticated, remote attacker to bypass malware detection b...
CVE-2016-6394
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503...
CVE-2016-6395
Cisco Firepower Management Center and FireSIGHT System Software are affected by CVE-2016-6395; the web-based management interface vulnerability allows remote authenticated users to inject arbitrary script or HTML via a crafted URL (XSS) in versions before 6.1. The issue is associated with Bug ID ...
CVE-2016-6396
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482...
Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability
Cisco Firepower Management Center and FireSIGHT System Software are management center software from Cisco in the United States. A session fixation vulnerability exists in Cisco Firepower Management Center and FireSIGHT System Software, which allows remote attackers to exploit the vulnerability to...
Cisco Firepower Management Center and FireSIGHT System Software Security Bypass Vulnerability
Cisco Firepower Management Center and FireSIGHT System Software are management center software from Cisco in the United States. Cisco Firepower Management Center and FireSIGHT System Software fail to properly validate fields in HTTP headers, allowing remote attackers to exploit vulnerabilities to...
Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability
Cisco Firepower Management Center and FireSIGHT System Software are management center software from Cisco in the United States. A cross-site scripting vulnerability in the web-based management interface of Cisco Firepower Management Center and FireSIGHT System Software allows remote attackers to...
Cisco FireSIGHT System Software Session Fixation Vulnerability
A vulnerability in session identification management functionality of the web-based management interface for Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session. The vulnerability exists because the affected application does not assign a...
Cisco FireSIGHT System Software Malware Bypass Vulnerability
A vulnerability in the malicious file detection and blocking features of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input validation of fields in HTTP headers. A...
Cisco FireSIGHT System Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco FireSIGHT System Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient...
Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input...
Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability
A vulnerability in session identification management functionality of the web-based management interface for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session. The vulnerability exists because the...
Cisco FireSIGHT Detection (HTTP)
This script performs HTTP based detection of Cisco FireSIGHT Management Center SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability
A vulnerability in Snort rule detection in Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass configured rules that use Snort detection. The vulnerability is due to improper handling of HTTP header parameters. An attacker could exploit this vulnerability by...
CVE-2016-1463
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737...
CVE-2016-1463
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737...
Design/Logic Flaw
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737...