Home Unlabelled Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability

Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability

By
Wednesday, November 04, 2015
Read
Add Comment
A vulnerability in the proxy cache functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the device runs out of system memory.

The vulnerability is due to improper memory operations by the affected software. The software fails to free a memory object when it retrieves data from the proxy server cache to terminate a TCP connection. An attacker could exploit this vulnerability by opening many proxy connections through the WSA. An exploit could allow the attacker to cause the WSA to stop passing traffic when enough memory is leaked.

Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is also available.

This advisory is available at the following link:

http://ift.tt/1kaJeNo

from Cisco Security Advisory http://ift.tt/1kaJeNo
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us