Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2016-6407
HistorySep 17, 2016 - 2:59 a.m.

CVE-2016-6407

2016-09-1702:59:02
CWE-399
cisco
web.nvd.nist.gov
27
4
cve-2016-6407
cisco
asyncos
wsa
denial of service
bug id cscuz27219
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.006

Percentile

77.8%

JSON

Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.

Affected configurations

Nvd
Node
ciscoweb_security_applianceMatch5.6.0-623
OR
ciscoweb_security_applianceMatch6.0.0-000
OR
ciscoweb_security_applianceMatch7.1.0
OR
ciscoweb_security_applianceMatch7.1.1
OR
ciscoweb_security_applianceMatch7.1.2
OR
ciscoweb_security_applianceMatch7.1.3
OR
ciscoweb_security_applianceMatch7.1.4
OR
ciscoweb_security_applianceMatch7.5.0-000
OR
ciscoweb_security_applianceMatch7.5.0-825
OR
ciscoweb_security_applianceMatch7.5.1-000
OR
ciscoweb_security_applianceMatch7.5.2-000
OR
ciscoweb_security_applianceMatch7.5.2-hp2-303
OR
ciscoweb_security_applianceMatch7.7.0-000
OR
ciscoweb_security_applianceMatch7.7.0-608
OR
ciscoweb_security_applianceMatch7.7.1-000
OR
ciscoweb_security_applianceMatch7.7.5-835
OR
ciscoweb_security_applianceMatch8.0.0-000
OR
ciscoweb_security_applianceMatch8.0.5
OR
ciscoweb_security_applianceMatch8.0.6
OR
ciscoweb_security_applianceMatch8.0.6-078
OR
ciscoweb_security_applianceMatch8.0.6-119
OR
ciscoweb_security_applianceMatch8.0.7
OR
ciscoweb_security_applianceMatch8.0.7-142
OR
ciscoweb_security_applianceMatch8.0.8-mr-113
OR
ciscoweb_security_applianceMatch8.5.0-497
OR
ciscoweb_security_applianceMatch8.5.0.000
OR
ciscoweb_security_applianceMatch8.5.1-021
OR
ciscoweb_security_applianceMatch8.5.2-024
OR
ciscoweb_security_applianceMatch8.5.2-027
OR
ciscoweb_security_applianceMatch8.5.3-055
OR
ciscoweb_security_applianceMatch8.8.0-000
OR
ciscoweb_security_applianceMatch8.8.0-085
OR
ciscoweb_security_applianceMatch9.0.0-193
OR
ciscoweb_security_applianceMatch9.0_base
OR
ciscoweb_security_applianceMatch9.1.0-000
OR
ciscoweb_security_applianceMatch9.1.0-070
OR
ciscoweb_security_applianceMatch9.1_base
OR
ciscoweb_security_applianceMatch9.5.0-235
OR
ciscoweb_security_applianceMatch9.5.0-284
OR
ciscoweb_security_applianceMatch9.5.0-444
OR
ciscoweb_security_applianceMatch9.5_base
VendorProductVersionCPE
ciscoweb_security_appliance5.6.0-623cpe:2.3:a:cisco:web_security_appliance:5.6.0-623:*:*:*:*:*:*:*
ciscoweb_security_appliance6.0.0-000cpe:2.3:a:cisco:web_security_appliance:6.0.0-000:*:*:*:*:*:*:*
ciscoweb_security_appliance7.1.0cpe:2.3:a:cisco:web_security_appliance:7.1.0:*:*:*:*:*:*:*
ciscoweb_security_appliance7.1.1cpe:2.3:a:cisco:web_security_appliance:7.1.1:*:*:*:*:*:*:*
ciscoweb_security_appliance7.1.2cpe:2.3:a:cisco:web_security_appliance:7.1.2:*:*:*:*:*:*:*
ciscoweb_security_appliance7.1.3cpe:2.3:a:cisco:web_security_appliance:7.1.3:*:*:*:*:*:*:*
ciscoweb_security_appliance7.1.4cpe:2.3:a:cisco:web_security_appliance:7.1.4:*:*:*:*:*:*:*
ciscoweb_security_appliance7.5.0-000cpe:2.3:a:cisco:web_security_appliance:7.5.0-000:*:*:*:*:*:*:*
ciscoweb_security_appliance7.5.0-825cpe:2.3:a:cisco:web_security_appliance:7.5.0-825:*:*:*:*:*:*:*
ciscoweb_security_appliance7.5.1-000cpe:2.3:a:cisco:web_security_appliance:7.5.1-000:*:*:*:*:*:*:*
Rows per page:
1-10 of 411

Social References

More

Related

prion 1
cisco 1
nvd 1
cvelist 1
openvas 1
prion
prion
Code injection
2016-09-17 02:59:00
cisco
cisco
Cisco Web Security Appliance HTTP Load Denial of Service Vulnerability
2016-09-14 16:00:00
nvd
nvd
CVE-2016-6407
2016-09-17 02:59:02
cvelist
cvelist
CVE-2016-6407
2016-09-17 01:00:00
openvas
openvas
Cisco Web Security Appliance HTTP Load Denial of Service Vulnerability
2016-09-16 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.006

Percentile

77.8%

JSON
Related for CVE-2016-6407
prion1cisco1nvd1cvelist1openvas1