CVE-2019-1817

Severity
7.5 HIGH
EPSS
0.7%
top 29.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 3
Latest update May 24

Description

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. An attacker could exploit this vulnerability by sending a malformed HTTP or HTTPS request to an affected device. An exploit could allow the attacker to cause a restart of the web proxy process, resultin

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5 | cisco/cisco_web_security_appliance_(wsa) | unspecified | 11.5.2-020 | +1

🔴 Vulnerability Details

2
GHSA
GHSA-7577-f2mx-w9rc: A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attac 2022-05-24
CVEList
Cisco Web Security Appliance Malformed Request Denial of Service Vulnerability 2019-05-03

📋 Vendor Advisories

1
Cisco
Cisco Web Security Appliance Malformed Request Denial of Service Vulnerability 2019-05-01

💬 Community

3
Bugzilla
CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) 2019-07-16
Bugzilla
CVE-2019-2821 OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) 2019-07-16
Bugzilla
CVE-2019-2818 OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) 2019-07-15