Lucene search

CiscoCVE-2015-0624

HistoryFeb 21, 2015 - 11:59 a.m.

CVE-2015-0624

2015-02-2111:59:02

CWE-20

cisco

web.nvd.nist.gov

cisco

asyncos

email security appliance

content security management appliance

web security appliance

cve-2015-0624

nvd

bug ids

cscur44412

cscur44415

cscur89630

cscur89636

cscur89633

cscur89639

http header

redirect

security vulnerability

information security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

54.8%

JSON

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

Affected configurations

Nvd

Node

ciscocontent_security_management_applianceMatch-

ciscoweb_security_applianceMatch-

ciscoemail_security_appliance_firmwareMatch-

VendorProductVersionCPE
ciscocontent_security_management_appliance-cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*
ciscoweb_security_appliance-cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*
ciscoemail_security_appliance_firmware-cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	content_security_management_appliance	-	cpe:2.3:h:cisco:content_security_management_appliance:-:::::::*
cisco	web_security_appliance	-	cpe:2.3:h:cisco:web_security_appliance:-:::::::*
cisco	email_security_appliance_firmware	-	cpe:2.3:o:cisco:email_security_appliance_firmware:-:::::::*