CVE-2015-0624
Cisco Ironport AsyncOS HTTP Header Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.
El Framework web en los dispositivos Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), y Web Security Appliance (WSA) permite a atacantes remotos provocar redirecciones a través de una cabecera HTTP manipulada, también conocido como Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, y CSCur89639.
Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-01-07 CVE Reserved
- 2015-02-21 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/72702 | Vdb Entry | |
http://www.securitytracker.com/id/1031781 | Vdb Entry | |
http://www.securitytracker.com/id/1031782 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.html | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624 | 2018-10-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Content Security Management Appliance Search vendor "Cisco" for product "Content Security Management Appliance" | - | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | - | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware" | - | - |
Affected
|