CVE-2016-1382

Published May 25, 2016

Last updated 8 years ago

CVSS high 7.5

Overview

Description: Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F24CCD0-DFAB-44D9-B29A-A6D925A83C93"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):5.6.0-623:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28647FC3-A6F5-476D-B75C-B93573350420"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):6.0.0-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3732507-B22B-4410-B93B-A30E157F51C3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):7.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "261EB727-C409-4839-AA11-60192D8D08E6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):7.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71A96AB4-38C2-477F-9C57-3263DA739F63"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):7.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48EDA671-1858-4112-9F92-F621F553F7C9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):7.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D98BC2CA-0019-4884-88CA-86CFDA96E332"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):7.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5BA0694-C26D-4CC1-A372-3ABDC2B2A03B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):7.5.0-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "080702CA-6D92-4054-87A7-61F821C8B327"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):7.5.0-825:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A051A86E-6FF5-44E1-85E6-CB818B58CBBC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):7.5.1-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77326395-9F74-43ED-9CA2-C142EB6219E0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):7.5.2-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CBCCB5E-0AB7-42E9-9264-C8EF27E0FA88"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):7.7.0-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D80DDAB-272F-4B57-8D5F-B12A11E5FC35"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):7.7.1-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "847838A1-0305-435B-A4A0-CC476F9B0DB5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.0.0-000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FA9F218-A9AB-4711-9AD0-7A99D9D23168"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC4A2EAF-AF87-489F-B69E-7604CC176752"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6449A831-C0D0-4C43-B1A4-715F560FCABB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.0.6-078:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "386D87AD-5552-4103-B1B3-079604746F67"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.0.6-119:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29B00067-7DFC-426C-94B8-24A48647E03D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D535C0B-1CBE-4F9E-BA90-31E0496EE354"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.0.7-142:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33FBBCA4-0526-47FA-A35A-212347A7A188"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.0.8-mr-113:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B7C1E4C-21B8-433D-829F-6A84B22ED29D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.5.0-497:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E837FF6-2B3C-4AEF-A29C-841A2B332668"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.5.0.000:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6688EAFC-A3F5-4BC0-991B-BD8C158A2CE0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.5.1-021:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "253E1900-D6E2-448A-9AE4-8D276912281B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.5.2-024:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6644686-C51E-4367-9518-46013F6B3A5F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.5.2-027:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6461E708-07E4-487C-B07D-1E9EAE72478E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:web_security_appliance_\\(wsa\\):8.5.3-055:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3394552B-CDD0-4F52-A80F-76AF7235E681"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References