Cisco Web Security Appliance

65 matches found

CVE
added 2015/05/17 1:59 a.m. | 38 views

CVE-2015-0738

Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008.

CVSS 4.3 | AI score 6 | EPSS 0.00263

CVE
added 2016/12/14 12:59 a.m. | 38 views

CVE-2016-6469

A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1...

CVSS 7.5 | AI score 7.5 | EPSS 0.00992

CVE
added 2018/01/18 6:29 a.m. | 38 views

CVE-2018-0093

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due t...

CVSS 6.1 | AI score 6 | EPSS 0.00332

CVE
added 2014/06/10 11:19 a.m. | 37 views

CVE-2014-3289

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbit...

CVSS 4.3 | AI score 5.6 | EPSS 0.0066

CVE
added 2015/02/20 2:59 a.m. | 37 views

CVE-2015-0628

The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174.

CVSS 5 | AI score 7 | EPSS 0.00184

CVE
added 2017/02/22 2:59 a.m. | 37 views

CVE-2017-3827

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This ...

CVSS 5.8 | AI score 5.7 | EPSS 0.00361

CVE
added 2015/11/06 11:59 a.m. | 36 views

CVE-2015-6298

The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arg...

CVSS 9 | AI score 6.5 | EPSS 0.00456

CVE
added 2018/08/01 8:29 p.m. | 36 views

CVE-2018-0406

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an ...

CVSS 6.1 | AI score 6 | EPSS 0.00196

CVE
added 2016/09/17 2:59 a.m. | 35 views

CVE-2016-6407

Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.

CVSS 7.5 | AI score 7.5 | EPSS 0.01199

CVE
added 2016/03/03 10:59 p.m. | 34 views

CVE-2016-1288

The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840.

CVSS 5.3 | AI score 5.3 | EPSS 0.00445

CVE
added 2016/05/25 1:59 a.m. | 34 views

CVE-2016-1381

Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270.

CVSS 7.8 | AI score 7.4 | EPSS 0.00486

CVE
added 2015/04/11 1:59 a.m. | 33 views

CVE-2015-0692

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230.

CVSS 7.2 | AI score 7.7 | EPSS 0.00093

CVE
added 2014/04/02 3:58 a.m. | 32 views

CVE-2014-2137

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.

CVSS 4.3 | AI score 7 | EPSS 0.00211

CVE
added 2015/04/15 10:59 a.m. | 32 views

CVE-2015-0698

Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.

CVSS 4.3 | AI score 5.9 | EPSS 0.00263

CVE
added 2016/01/20 5:59 a.m. | 30 views

CVE-2016-1296

The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.

CVSS 7.5 | AI score 7.5 | EPSS 0.00369

Total number of security vulnerabilities: 65