CVE-2013-3385
https://notcve.org/view.php?id=CVE-2013-3385
The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa
• CWE-399: Resource Management Errors
CVE-2013-3386
https://notcve.org/view.php?id=CVE-2013-3386
The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma
• CWE-399: Resource Management Errors
CVE-2013-3384
https://notcve.org/view.php?id=CVE-2013-3384
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-3396 – Cisco Ironport Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-3396
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749.
Cisco IronPort Security Management Appliance M170 version 7.9.1-030 suffers from cross site scripting and cross site request forgery vulnerabilities.
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3396
• http://www.securityfocus.com/bid/60829
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')