CVE-2015-0624

Cisco Ironport AsyncOS HTTP Header Injection

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

El Framework web en los dispositivos Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), y Web Security Appliance (WSA) permite a atacantes remotos provocar redirecciones a través de una cabecera HTTP manipulada, también conocido como Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, y CSCur89639.

Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-01-07 CVE Reserved
2015-02-21 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (5)

URL	Tag	Source
http://www.securityfocus.com/bid/72702	Vdb Entry
http://www.securitytracker.com/id/1031781	Vdb Entry
http://www.securitytracker.com/id/1031782	Vdb Entry

URL	Date	SRC
http://packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.html	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624	2018-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Content Security Management Appliance Search vendor "Cisco" for product "Content Security Management Appliance"				-		-		Affected
Cisco Search vendor "Cisco"		Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance"				-		-		Affected
Cisco Search vendor "Cisco"		Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware"				-		-		Affected