Vulnerabilities > CVE-2016-1440 - Resource Management Errors vulnerability in Cisco web Security Appliance

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

cisco

CWE-399

NVD

Published: 2016-07-02

Updated: 2017-09-01

Summary

The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco WEB Security Appliance 8.0.7 Cisco WEB Security Appliance 7.5.2-Hp2-303 Cisco WEB Security Appliance 7.5.2-000 Cisco WEB Security Appliance 8.0.6-078 Cisco WEB Security Appliance 7.1.1 Cisco WEB Security Appliance 7.1.4 Cisco WEB Security Appliance 8.5.0.000 Cisco WEB Security Appliance 8.5.3-055 Cisco WEB Security Appliance 8.0.7-142 Cisco WEB Security Appliance 7.1.0 Cisco WEB Security Appliance 9.0_Base Cisco WEB Security Appliance 7.5.0-825 Cisco WEB Security Appliance 7.7.0-608 Cisco WEB Security Appliance 8.8.0-000 Cisco WEB Security Appliance 8.0.0-000 Cisco WEB Security Appliance 8.5.2-024 Cisco WEB Security Appliance 7.5.0-000 Cisco WEB Security Appliance 8.5.2-027 Cisco WEB Security Appliance 8.0.6 Cisco WEB Security Appliance 7.1.3 Cisco WEB Security Appliance 7.1.2 Cisco WEB Security Appliance 8.0.8-Mr-113 Cisco WEB Security Appliance 8.5.0-497 Cisco WEB Security Appliance 8.0.5_Hp1 Cisco WEB Security Appliance 9.1.0-000 Cisco WEB Security Appliance 8.8.0-085 Cisco WEB Security Appliance 7.5.1-000 Cisco WEB Security Appliance 6.0.0-000 Cisco WEB Security Appliance 5.6.0-623 Cisco WEB Security Appliance 9.0.0-193 Cisco WEB Security Appliance 7.7.5-835 Cisco WEB Security Appliance 8.5.1-021 Cisco WEB Security Appliance 8.0.5 Cisco WEB Security Appliance 8.0.6-119 Cisco WEB Security Appliance 9.1.0-070 Cisco WEB Security Appliance 7.7.0-000 Cisco WEB Security Appliance 7.7.1-000	37

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References