// For flags

CVE-2015-0624

Cisco Ironport AsyncOS HTTP Header Injection

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

El Framework web en los dispositivos Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), y Web Security Appliance (WSA) permite a atacantes remotos provocar redirecciones a través de una cabecera HTTP manipulada, también conocido como Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, y CSCur89639.

Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-01-07 CVE Reserved
  • 2015-02-21 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Content Security Management Appliance
Search vendor "Cisco" for product "Content Security Management Appliance"
--
Affected
Cisco
Search vendor "Cisco"
Web Security Appliance
Search vendor "Cisco" for product "Web Security Appliance"
--
Affected
Cisco
Search vendor "Cisco"
Email Security Appliance Firmware
Search vendor "Cisco" for product "Email Security Appliance Firmware"
--
Affected