Lucene search
+L
CiscoWeb Security Appliance-

9 matches found

CVE
CVE
added 2021/06/16 5:45 p.m.71 views

CVE-2021-1566

CVE-2021-1566 affects Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) due to improper TLS certificate validation in the AMP for Endpoints integration (AsyncOS). A remote, unauthenticated attacker could perform a man-in-the-middle to intercept traffic between the device...

7.4CVSS7.2AI score0.0067EPSS
CVE
CVE
added 2013/07/02 1:0 a.m.70 views

CVE-2013-3395

CVE-2013-3395 describes a CSRF flaw in the web framework of Cisco IronPort products (Web Security Appliance, Email Security Appliance, Content Security Management Appliance). The vulnerability allows remote attackers to hijack the authentication of arbitrary users by inducing them to perform unwa...

6.8CVSS7.5AI score0.00576EPSS
CVE
CVE
added 2021/05/06 12:51 p.m.69 views

CVE-2021-1516

CVE-2021-1516 affects Cisco AsyncOS Software on the Cisco Content Security Management Appliance (SMA), Email Security Appliance (ESA), and Web Security Appliance (WSA). Root cause: confidential information is included in HTTP requests exchanged between the user and the device, allowing an authent...

6.5CVSS5.2AI score0.01156EPSS
CVE
CVE
added 2015/02/21 11:0 a.m.60 views

CVE-2015-0624

Cisco AsyncOS web framework on ESA, SMA, and WSA is vulnerable to an HTTP header injection flaw due to insufficient validation of header values (notably Host/X-Forwarded-Host). A remote attacker can trigger redirects to arbitrary URLs by sending crafted HTTP headers, potentially aided by publicly...

4.3CVSS6.8AI score0.02157EPSS
CVE
CVE
added 2013/10/24 10:0 a.m.55 views

CVE-2013-5537

The CVE-2013-5537 issue affects Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA). The web framework does not properly manage HTTP/HTTPS session state, allowing an unauthenticated remote attacker to cause a denial of service (manag...

7.8CVSS7AI score0.01328EPSS
CVE
CVE
added 2015/02/19 12:0 a.m.54 views

CVE-2015-0623

CVE-2015-0623 affects Cisco Web Security Appliance (WSA) Administrator report page. The issue is due to insufficient input validation, enabling unauthenticated remote XSS via unspecified vectors. Impact can include arbitrary script execution, cookie theft, and session hijacking on affected users....

4.3CVSS5.9AI score0.00942EPSS
CVE
CVE
added 2015/02/20 2:0 a.m.54 views

CVE-2015-0628

The CVE-2015-0628 issue affects Cisco Web Security Appliance (WSA) where the proxy engine fails to properly handle malformed HTTP methods, enabling remote attackers to bypass proxying restrictions. This is a vulnerability in the proxy component that could permit unauthorized proxy traffic if an a...

5CVSS7AI score0.01246EPSS
CVE
CVE
added 2014/06/10 10:0 a.m.51 views

CVE-2014-3289

CVE-2014-3289 is a reflected XSS vulnerability in Cisco AsyncOS used by ESA, WSA, and SMA. The issue stems from insufficient input validation of the date_range parameter on the web management interface (notably monitor/reports/overview). A remote attacker can inject arbitrary script by tricking a...

4.3CVSS5.6AI score0.02426EPSS
Web
CVE
CVE
added 2014/04/02 1:0 a.m.47 views

CVE-2014-2137

Cisco Web Security Appliance (WSA) 7.x and 8.x are affected by a CRLF injection vulnerability in the web framework. The root cause is insufficient validation of input used as HTTP header values, allowing remote attackers to inject arbitrary headers and perform redirection attacks via crafted URLs...

4.3CVSS7AI score0.00947EPSS