Lucene search

CiscoCVE-2015-6292

HistoryNov 06, 2015 - 11:59 a.m.

CVE-2015-6292

2015-11-0611:59:02

CWE-399

cisco

web.nvd.nist.gov

cisco

asyncos

proxy

cache

remote

dos

vulnerability

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

56.0%

JSON

The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922.

Affected configurations

Nvd

Node

ciscoweb_security_applianceMatch8.0.0-000

ciscoweb_security_applianceMatch8.0.5

ciscoweb_security_applianceMatch8.0.5hp1

ciscoweb_security_applianceMatch8.0.6

ciscoweb_security_applianceMatch8.0.6-119

ciscoweb_security_applianceMatch8.5.0-497

ciscoweb_security_applianceMatch8.5.0.000

VendorProductVersionCPE
ciscoweb_security_appliance8.0.0-000cpe:2.3:a:cisco:web_security_appliance:8.0.0-000:*:*:*:*:*:*:*
ciscoweb_security_appliance8.0.5cpe:2.3:a:cisco:web_security_appliance:8.0.5:*:*:*:*:*:*:*
ciscoweb_security_appliance8.0.5cpe:2.3:a:cisco:web_security_appliance:8.0.5:hp1:*:*:*:*:*:*
ciscoweb_security_appliance8.0.6cpe:2.3:a:cisco:web_security_appliance:8.0.6:*:*:*:*:*:*:*
ciscoweb_security_appliance8.0.6-119cpe:2.3:a:cisco:web_security_appliance:8.0.6-119:*:*:*:*:*:*:*
ciscoweb_security_appliance8.5.0-497cpe:2.3:a:cisco:web_security_appliance:8.5.0-497:*:*:*:*:*:*:*
ciscoweb_security_appliance8.5.0.000cpe:2.3:a:cisco:web_security_appliance:8.5.0.000:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	web_security_appliance	8.0.0-000	cpe:2.3:a:cisco:web_security_appliance:8.0.0-000:::::::*
cisco	web_security_appliance	8.0.5	cpe:2.3:a:cisco:web_security_appliance:8.0.5:::::::*
cisco	web_security_appliance	8.0.5	cpe:2.3:a:cisco:web_security_appliance:8.0.5:hp1::::::
cisco	web_security_appliance	8.0.6	cpe:2.3:a:cisco:web_security_appliance:8.0.6:::::::*
cisco	web_security_appliance	8.0.6-119	cpe:2.3:a:cisco:web_security_appliance:8.0.6-119:::::::*
cisco	web_security_appliance	8.5.0-497	cpe:2.3:a:cisco:web_security_appliance:8.5.0-497:::::::*
cisco	web_security_appliance	8.5.0.000	cpe:2.3:a:cisco:web_security_appliance:8.5.0.000:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa1

www.securitytracker.com/id/1034062

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

56.0%

JSON

Related for CVE-2015-6292