Web Security Appliance Security Vulnerabilities and Issues — Web Security Appliance CVE List

Lucene search

CiscoWeb Security Appliance

15 matches found

CVE•added 2015/11/06 3:59 a.m.•57 views

CVE-2015-6321

Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005, and 9.5.x before 9.5.0-025 on Content Security Management Appliance (SMA) devices; and before 7.7.0...

7.8CVSS6.6AI score0.01001EPSS

CVE•added 2015/11/06 3:59 a.m.•49 views

CVE-2015-6293

Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple file-range requests, aka Bug ID CSCur3...

7.8CVSS6.9AI score0.00887EPSS

CVE•added 2015/11/06 11:59 a.m.•48 views

CVE-2015-6292

The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple pr...

7.8CVSS6.9AI score0.00887EPSS

CVE•added 2015/07/29 1:59 a.m.•45 views

CVE-2015-4288

The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain ...

4.3CVSS6.1AI score0.00137EPSS

CVE•added 2015/02/21 11:59 a.m.•43 views

CVE-2015-0624

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633,...

4.3CVSS6.8AI score0.00149EPSS

CVE•added 2015/02/19 12:59 a.m.•42 views

CVE-2015-0623

Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627.

4.3CVSS5.9AI score0.00263EPSS

CVE•added 2015/07/29 1:59 a.m.•41 views

CVE-2015-0732

Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or...

4.3CVSS5.9AI score0.00296EPSS

CVE•added 2015/04/15 10:59 a.m.•40 views

CVE-2015-0693

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259.

7.2CVSS7.6AI score0.00093EPSS

CVE•added 2015/06/20 2:59 p.m.•40 views

CVE-2015-4198

Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.

4.3CVSS6AI score0.00416EPSS

CVE•added 2015/12/01 11:59 a.m.•39 views

CVE-2015-6386

The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150.

5CVSS6.9AI score0.00436EPSS

CVE•added 2015/05/17 1:59 a.m.•38 views

CVE-2015-0738

Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008.

4.3CVSS6AI score0.00263EPSS

CVE•added 2015/02/20 2:59 a.m.•37 views

CVE-2015-0628

The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174.

5CVSS7AI score0.00184EPSS

CVE•added 2015/11/06 11:59 a.m.•36 views

CVE-2015-6298

The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arg...

9CVSS6.5AI score0.00456EPSS

CVE•added 2015/04/11 1:59 a.m.•33 views

CVE-2015-0692

7.2CVSS7.7AI score0.00093EPSS

CVE•added 2015/04/15 10:59 a.m.•32 views

CVE-2015-0698

Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.

4.3CVSS5.9AI score0.00263EPSS