HTTP Header Injection Flaw in Cisco AsyncOS on Email Security and Web Appliances
CVE-2015-0624

Currently unrated

Key Information:

Vendor

Cisco
Status
Content Security Management Appliance
Web Security Appliance
Email Security Appliance Firmware
Vendor
CVE Published:
21 February 2015

What is CVE-2015-0624?

The web framework within Cisco's AsyncOS allows remote attackers to exploit improper handling of crafted HTTP headers, potentially redirecting users under malicious intent. This vulnerability affects multiple product lines including the Email Security Appliance, Content Security Management Appliance, and Web Security Appliance. Attackers can leverage this flaw to redirect traffic, misleading users and exposing them to further security risks. Organizations using these products should apply the necessary mitigations to safeguard against unauthorized access and ensure the integrity of user sessions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://packetstormsecurity.com/files/130525/Cisco-Ironpor...
x_refsource_MISC
http://www.securitytracker.com/id/1031782
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/72702
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.