Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability
The vulnerability is due to improper HTTP attack detection of decrypted SSL connections. An attacker could exploit this vulnerability by embedding crafted HTTP packets in an encrypted SSL connection that could be flagged as an HTTP attack. An exploit could allow the attacker to bypass HTTP attack rules for SSL connections.
Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/1OaWcaZ
from Cisco Security Advisory http://ift.tt/1OaWcaZ