CVE-2016-1381Sensitive Information Exposure in Cisco WEB Security Appliance

CWE-399CWE-200Sensitive Information ExposureCWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
7.5HIGHNVD
EPSS
1.1%
top 21.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco WEB Security Appliance
Timeline
PublishedMay 25
Latest updateOct 2

Description

Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDcisco/web_security_appliance10 versions+9

🔴Vulnerability Details

3
GHSA
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission2024-10-02
GHSA
GHSA-c4wh-vx9c-g273: Memory leak in Cisco AsyncOS 82022-05-17
CVEList
CVE-2016-1381: Memory leak in Cisco AsyncOS 82016-05-25

📋Vendor Advisories

1
Cisco
Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability2016-05-18
CVE-2016-1381 — Sensitive Information Exposure in Cisco | cvebase