History: Oct 27, 2016 - 9:59 p.m.

CVE-2016-6439

2016-10-27 21:59:11
CWE-399
cisco
web.nvd.nist.gov
cve-2016-6439
cisco
firepower system software
dos
http
vulnerability

CVSS2: 4.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.003
Percentile: 68.4%

A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper handling of an HTTP packet stream. An attacker could exploit this vulnerability by sending a crafted HTTP packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped.

Affected configurations

Nvd

Node
cisco firepower_management_center Match 5.3.0
OR
cisco firepower_management_center Match 5.3.0.2
OR
cisco firepower_management_center Match 5.3.0.3
OR
cisco firepower_management_center Match 5.3.0.4
OR
cisco firepower_management_center Match 5.3.1
OR
cisco firepower_management_center Match 5.3.1.3
OR
cisco firepower_management_center Match 5.3.1.4
OR
cisco firepower_management_center Match 5.3.1.5
OR
cisco firepower_management_center Match 5.3.1.6
OR
cisco firepower_management_center Match 5.4.0
OR
cisco firepower_management_center Match 5.4.0.2
OR
cisco firepower_management_center Match 5.4.1
OR
cisco firepower_management_center Match 5.4.1.1
OR
cisco firepower_management_center Match 5.4.1.2
OR
cisco firepower_management_center Match 5.4.1.3
OR
cisco firepower_management_center Match 5.4.1.4
OR
cisco firepower_management_center Match 5.4.1.5
OR
cisco firepower_management_center Match 5.4.1.6
OR
cisco firepower_management_center Match 5.4_base
OR
cisco firepower_management_center Match 6.0.0
OR
cisco firepower_management_center Match 6.0.0.0
OR
cisco firepower_management_center Match 6.0.0.1
OR
cisco firepower_management_center Match 6.0.1
OR
cisco firepower_management_center Match 6.0_base

Vendor  Product                      Version  CPE
cisco   firepower_management_center  5.3.0    cpe:2.3:a:cisco:firepower_management_center:5.3.0:*:*:*:*:*:*:*
cisco   firepower_management_center  5.3.0.2  cpe:2.3:a:cisco:firepower_management_center:5.3.0.2:*:*:*:*:*:*:*
cisco   firepower_management_center  5.3.0.3  cpe:2.3:a:cisco:firepower_management_center:5.3.0.3:*:*:*:*:*:*:*
cisco   firepower_management_center  5.3.0.4  cpe:2.3:a:cisco:firepower_management_center:5.3.0.4:*:*:*:*:*:*:*
cisco   firepower_management_center  5.3.1    cpe:2.3:a:cisco:firepower_management_center:5.3.1:*:*:*:*:*:*:*
cisco   firepower_management_center  5.3.1.3  cpe:2.3:a:cisco:firepower_management_center:5.3.1.3:*:*:*:*:*:*:*
cisco   firepower_management_center  5.3.1.4  cpe:2.3:a:cisco:firepower_management_center:5.3.1.4:*:*:*:*:*:*:*
cisco   firepower_management_center  5.3.1.5  cpe:2.3:a:cisco:firepower_management_center:5.3.1.5:*:*:*:*:*:*:*
cisco   firepower_management_center  5.3.1.6  cpe:2.3:a:cisco:firepower_management_center:5.3.1.6:*:*:*:*:*:*:*
cisco   firepower_management_center  5.4.0    cpe:2.3:a:cisco:firepower_management_center:5.4.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Firepower System Software before 6.0.1",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Firepower System Software before 6.0.1"
      }
    ]
  }
]
