CVE-2019-1884
published 2019-07-04CVE-2019-1884: A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker…
medium6.5CVSS 3.0
AVNACLPRLUINSUCNINAH
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for certain fields in HTTP/HTTPS requests sent through an affected device. A successful attacker could exploit this vulnerability by sending a malicious HTTP/HTTPS request through an affected device. An exploit could allow the attacker to force the device to stop processing traffic, resulting in a DoS condition.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | asyncos | >= 10.1 < 10.5.5-005 | 10.5.5-005 |
| cisco | asyncos | >= 11.5 < 11.5.2-020 | 11.5.2-020 |
| cisco | asyncos | >= 11.7 < 11.7.0-407 | 11.7.0-407 |
| cisco | cisco_web_security_appliance | >= unspecified < 10.5.5-005 | 10.5.5-005 |
| cisco | web_security_appliance | — | — |
| cisco | web_security_appliance | — | — |
| cisco | web_security_appliance | — | — |
| cisco | web_security_appliance | — | — |
| cisco | web_security_appliance_web_proxy | — | — |