CVE-2015-0624

Exploit

EPSS 0.15%
Published 21.02.2015 11:59:02
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Content Security Management Appliance Version-

Cisco ≫ Web Security Appliance Version-

Cisco ≫ Email Security Appliance Firmware Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.32

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.html

Exploit

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624

Vendor Advisory

http://www.securityfocus.com/bid/72702

http://www.securitytracker.com/id/1031781

http://www.securitytracker.com/id/1031782

https://nvd.nist.gov/vuln/detail/CVE-2015-0624

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0624

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0624

EUVD