Denial of Service Vulnerability in Cisco Email Security Appliance Products
CVE-2015-6309

Currently unrated

Key Information:

Vendor: Cisco
Status: Email Security Appliance; Email Security Appliance Firmware
Vendor: CVE Published:; 2 October 2015

Summary

A vulnerability in the Cisco Email Security Appliance (ESA) allows remote authenticated users to exploit the system through specifically crafted HTTP requests. This can lead to resource exhaustion on the server, specifically file-descriptor consumption, which may result in a denial of service. The affected versions, 8.5.6-106 and 9.6.0-042, need to be assessed for risk and mitigation steps should be implemented to protect against potential disruptions caused by this vulnerability.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1033716

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Oct 2, 2015
Vulnerability Reserved
Aug 17, 2015