CVE-2015-6290 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco WEB Security Virtual Appliance

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 34.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco WEB Security Virtual Appliance

Timeline

PublishedSep 14

Latest updateMay 17

Description

Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/web_security_virtual_appliance4 versions+3

🔴Vulnerability Details

GHSA

GHSA-h7qw-5c46-g9j3: Cisco Web Security Appliance (WSA) 8↗2022-05-17

▶

CVEList

CVE-2015-6290: Cisco Web Security Appliance (WSA) 8↗2015-09-14

▶

📋Vendor Advisories

Cisco

Cisco Web Security Appliance Malformed HTTP Response Denial of Service Vulnerability↗2015-09-09

▶