Denial of Service Vulnerability in Cisco Web Security Appliance
CVE-2016-6469

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Web Security Appliance (wsa)
Vendor: CVE Published:; 14 December 2016

Summary

A flaw in the HTTP URL parsing mechanism of Cisco AsyncOS for the Cisco Web Security Appliance allows unauthenticated remote attackers to trigger a denial of service. This vulnerability results in the proxy process unexpectedly restarting, potentially causing service interruptions. Users of affected versions should upgrade to the fixed releases to mitigate the risk of exploitation.

Affected Version(s)

Cisco Web Security Appliance (WSA) Cisco Web Security Appliance (WSA)

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/94775

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2016
Vulnerability Reserved
Jul 26, 2016