CVE-2016-6437 - A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) c

CVE-2016-6437

Summary

A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32).

References

Vulnerable Configurations

cpe:2.3:a:cisco:wide_area_application_services:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5b:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5b:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5c:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5c:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5d:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5d:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5e:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5e:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5f:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:5.3.5f:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:6.2.1a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:wide_area_application_services:6.2.1a:*:*:*:*:*:*:*

CVSS

Base:	7.1 (as of 29-07-2017 - 01:34)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:C

refmap via4

bid	93524
confirm	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas
sectrack	1037002

Last major update

29-07-2017 - 01:34

Published

27-10-2016 - 21:59

Last modified

29-07-2017 - 01:34