cnvd - cnvd-2016-01461

cnvd-2016-01461

Vulnerability from cnvd

Title

Cisco Web Security Appliance HTTPS数据包处理拒绝服务漏洞

Description

Cisco Web Security Appliance是安全的Web网关，在一个平台上集成了恶意软件防护、应用可视化控制、策略控制等。 Cisco Web Security Appliance (WSA)的Web代理框架存在安全漏洞，此漏洞源于未正确处理HTTPS数据包。允许未经身份验证的远程攻击者造成受影响设备拒绝服务。

Severity

高

Patch Name

Cisco Web Security Appliance HTTPS数据包处理拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa

Impacted products

Name
['Cisco Web Security Appliance (WSA) < 8.5.3-051', 'Cisco Web Security Appliance (WSA) < 9.0.0-485']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1288"
    }
  },
  "description": "Cisco Web Security Appliance\u662f\u5b89\u5168\u7684Web\u7f51\u5173\uff0c\u5728\u4e00\u4e2a\u5e73\u53f0\u4e0a\u96c6\u6210\u4e86\u6076\u610f\u8f6f\u4ef6\u9632\u62a4\u3001\u5e94\u7528\u53ef\u89c6\u5316\u63a7\u5236\u3001\u7b56\u7565\u63a7\u5236\u7b49\u3002\r\n\r\nCisco Web Security Appliance (WSA)\u7684Web\u4ee3\u7406\u6846\u67b6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u6b64\u6f0f\u6d1e\u6e90\u4e8e\u672a\u6b63\u786e\u5904\u7406HTTPS\u6570\u636e\u5305\u3002\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u9020\u6210\u53d7\u5f71\u54cd\u8bbe\u5907\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01461",
  "openTime": "2016-03-07",
  "patchDescription": "Cisco Web Security Appliance\u662f\u5b89\u5168\u7684Web\u7f51\u5173\uff0c\u5728\u4e00\u4e2a\u5e73\u53f0\u4e0a\u96c6\u6210\u4e86\u6076\u610f\u8f6f\u4ef6\u9632\u62a4\u3001\u5e94\u7528\u53ef\u89c6\u5316\u63a7\u5236\u3001\u7b56\u7565\u63a7\u5236\u7b49\u3002\r\n\r\nCisco Web Security Appliance (WSA)\u7684Web\u4ee3\u7406\u6846\u67b6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u6b64\u6f0f\u6d1e\u6e90\u4e8e\u672a\u6b63\u786e\u5904\u7406HTTPS\u6570\u636e\u5305\u3002\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u9020\u6210\u53d7\u5f71\u54cd\u8bbe\u5907\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Web Security Appliance HTTPS\u6570\u636e\u5305\u5904\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Web Security Appliance (WSA) \u003c 8.5.3-051",
      "Cisco Web Security Appliance (WSA) \u003c 9.0.0-485"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa",
  "serverity": "\u9ad8",
  "submitTime": "2016-03-04",
  "title": "Cisco Web Security Appliance HTTPS\u6570\u636e\u5305\u5904\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2016-1288 (GCVE-0-2016-1288)

Vulnerability from cvelistv5

Published

2016-03-03 22:00

Modified

2024-08-05 22:48

Severity ?

CWE

Summary

The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840.

References

URL

Tags

	http://www.securitytracker.com/id/1035163	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa	vendor-advisory, x_refsource_CISCO