Cisco Web Security Appliance Web框架任意命令执行漏洞(CVE-2013-3384)

CVE(CAN) ID: CVE-2013-3384

Cisco Web Security Appliance是安全的Web网关，在一个平台上集成了恶意软件防护、应用可视化控制、策略控制等。Cisco IronPort AsyncOS是电子邮件安全设备。

Cisco Web Security Appliance设备上的IronPort AsyncOS在Web框架的实现上，以及Content Security Management Appliance设备和Email Security Appliance设备存在安全漏洞，经过身份验证的远程用户通过IPv4发送的URL特制命令行，利用此漏洞可执行任意命令。
0
Cisco Web Security Appliance <= 7.7.0-550
Cisco Web Security Appliance <= 7.5.0-838
Cisco Web Security Appliance <= 7.1.3-013
Cisco Email Security Appliance <= 7.6.3-019
Cisco Email Security Appliance <= 7.5.2-203
Cisco Email Security Appliance <= 7.3.2-026
Cisco Email Security Appliance <= 7.1.5-104
Cisco Content Security Management Appliance <= 7.9.1-102
Cisco Content Security Management Appliance <= 7.7.0-213
Cisco Content Security Management Appliance <= 7.2.2-110
厂商补丁：

Cisco

Cisco已经为此发布了一个安全公告（cisco-sa-20130626-wsa）以及相应补丁:
cisco-sa-20130626-wsa：Multiple Vulnerabilities in Cisco Web Security Appliance
链接：http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa