SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Web Security Appliance Vendors:   Cisco
Cisco Web Security Appliance Web Proxy Function Lets Remote Users Consume Excessive Memory Resources
SecurityTracker Alert ID:  1041535
SecurityTracker URL:  http://securitytracker.com/id/1041535
CVE Reference:   CVE-2018-0410   (Links to External Site)
Date:  Aug 21 2018
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): AsyncOS 9.1, 10.1, 10.5, and 11.0
Description:   A vulnerability was reported in Cisco Web Security Appliance. A remote user can consume excessive memory on the target system.

A remote user can establish a large number of TCP connections via IPv4 or IPv6 exploit a flaw in the web proxy functionality of Cisco AsyncOS to consume excessive memory on the target system. A manual restart may be required to return the system to normal operations.

Systems with the HTTPS Proxy feature enabled are affected.

The vendor has assigned bug ID CSCvf36610 to this vulnerability.

Impact:   A remote user can consume excessive memory resources on the target system.
Solution:   The vendor has issued a fix (10.1.3-054, 10.5.2-072, 11.5.0-614).

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos (Links to External Site)
Cause:   Resource error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC