CVE-2017-6751
https://notcve.org/view.php?id=CVE-2017-6751
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485. Una vulnerabilidad en la funcionalidad proxy web de Cisco Web Security Appearance (WSA) podría permitir que un atacante remoto no autenticado redirija tráfico de la interfaz proxy web de un dispositivo afectado a una interfaz de administración de un dispositivo afectado. • http://www.securityfocus.com/bid/99967 http://www.securitytracker.com/id/1038959 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5 • CWE-20: Improper Input Validation •
CVE-2017-3870
https://notcve.org/view.php?id=CVE-2017-3870
A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010. Una vulnerabilidad en la característica de filtrado de URL de Cisco AsyncOS Software para Cisco Web Security Appliance (WSA) podría permitir a un atacante remoto no autenticado omitir una regla de filtro de URL configurada. • http://www.securityfocus.com/bid/96907 http://www.securitytracker.com/id/1038043 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-9212
https://notcve.org/view.php?id=CVE-2016-9212
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074. Una vulnerabilidad en el parámetro de configuración Decrypt for End-User Notification en Cisco AsyncOS Software para Cisco Web Security Appliances podría permitir a un atacante remoto no autenticado conectarse a un sitio web seguro sobre Secure Sockets Layer (SSL) o Transport Layer Security (TLS), incluso si el WSA está configurado para bloquear conexiones al sitio web. • http://www.securityfocus.com/bid/94774 http://www.securitytracker.com/id/1037410 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1 • CWE-20: Improper Input Validation •
CVE-2016-6469
https://notcve.org/view.php?id=CVE-2016-6469
A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010. Una vulnerabilidad en el análisis gramatical HTTP URL de Cisco AsyncOS para Cisco Web Security Appliance (WSA) puede permitir a un atacante remoto no autenticado provocar una vulnerabilidad de denegación de servicio (DoS) debido a un reinicio no esperado del proceso proxy. • http://www.securityfocus.com/bid/94775 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa • CWE-399: Resource Management Errors •
CVE-2016-6360
https://notcve.org/view.php?id=CVE-2016-6360
A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233. • http://www.securityfocus.com/bid/93910 http://www.securitytracker.com/id/1037120 http://www.securitytracker.com/id/1037121 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3 • CWE-20: Improper Input Validation •