CVE-2016-1380Improper Input Validation in Cisco WEB Security Appliance

CWE-20Improper Input ValidationCWE-200Sensitive Information ExposureCWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 31.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco WEB Security Appliance
Timeline
PublishedMay 25
Latest updateOct 2

Description

Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDcisco/web_security_appliance14 versions+13

🔴Vulnerability Details

3
GHSA
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission2024-10-02
GHSA
GHSA-8748-j86w-jgvf: Cisco AsyncOS 82022-05-17
CVEList
CVE-2016-1380: Cisco AsyncOS 82016-05-25

📋Vendor Advisories

1
Cisco
Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability2016-05-18
CVE-2016-1380 — Improper Input Validation in Cisco | cvebase