Detections
Analytics
Cisco Web Security Appliance Multiple DoS Vulnerabilities
high Nessus Plugin ID 91338
Language:
Synopsis
The remote security appliance is missing a vendor-supplied patch.Description
According to its self-reported version, the Cisco Web Security Appliance (WSA) running on the remote host is affected by the following vulnerabilities :- A denial of service vulnerability exists in Cisco AsyncOS due to improper validation of packets when parsing HTTP POST requests. An unauthenticated, remote attacker can exploit this, via a specially crafted POST request, to cause the proxy process to become unresponsive, resulting in the WSA reloading.
(CVE-2016-1380)
- A denial of service vulnerability exists in Cisco AsyncOS in the cached file-range request functionality due to a failure to free memory when a file range for cached content is requested through the WSA. An unauthenticated, remote attacker can exploit this, via multiple connections that request file ranges, to cause the WSA to stop passing traffic because of memory exhaustion. (CVE-2016-1381)
- A denial of service vulnerability exists in Cisco AsyncOS due to improper allocation of memory for HTTP headers and expected HTTP payloads. An unauthenticated, remote attacker can exploit this, via specially crafted HTTP requests, to cause the proxy process to unexpectedly reload. (CVE-2016-1382)
- A denial of service vulnerability exists in Cisco AsyncOS due to a failure to free client and server connection memory and system file descriptors when a certain HTTP response code is received in the HTTP request. An unauthenticated, remote attacker can exploit this, via specially crafted HTTP requests, to cause the WSA to stop accepting new connections because of memory exhaustion. (CVE-2016-1383)
Solution
Apply the relevant updates referenced in Cisco Security Advisories cisco-sa-20160518-wsa1, cisco-sa-20160518-wsa2, cisco-sa-20160518-wsa3 and cisco-sa-20160518-wsa4.See Also
http://www.nessus.org/u?8ce8631d
http://www.nessus.org/u?430ceb05
Plugin Details
Severity: High
ID: 91338
File Name: cisco-sa-20160518-wsa1_to_wsa4.nasl
Version: 1.8
Type: local
Family: CISCO
Published: 5/26/2016
Updated: 5/14/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2016-1383
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/h:cisco:web_security_appliance, cpe:/a:cisco:web_security_appliance, cpe:/o:cisco:web_security_appliance, cpe:/o:cisco:asyncos
Required KB Items: Host/AsyncOS/Cisco Web Security Appliance/DisplayVersion, Host/AsyncOS/Cisco Web Security Appliance/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 5/18/2016
Vulnerability Publication Date: 5/18/2016
Reference Information
CVE: CVE-2016-1380, CVE-2016-1381, CVE-2016-1382, CVE-2016-1383
BID: 90742, 90744, 90746, 90747
CISCO-SA: cisco-sa-20160518-wsa1, cisco-sa-20160518-wsa2, cisco-sa-20160518-wsa3, cisco-sa-20160518-wsa4
IAVB: 2016-B-0093-S
CISCO-BUG-ID: CSCuo12171, CSCur28305, CSCuu02529, CSCuw97270