Vulnerabilities > CVE-2016-6407 - Resource Management Errors vulnerability in Cisco web Security Appliance

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cisco

CWE-399

NVD

Published: 2016-09-17

Updated: 2017-07-30

Summary

Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco WEB Security Appliance 8.0.7 Cisco WEB Security Appliance 7.5.2-Hp2-303 Cisco WEB Security Appliance 7.5.2-000 Cisco WEB Security Appliance 9.5.0-284 Cisco WEB Security Appliance 8.0.6-078 Cisco WEB Security Appliance 7.1.1 Cisco WEB Security Appliance 9.5.0-235 Cisco WEB Security Appliance 7.1.4 Cisco WEB Security Appliance 8.5.0.000 Cisco WEB Security Appliance 8.5.3-055 Cisco WEB Security Appliance 8.0.7-142 Cisco WEB Security Appliance 7.1.0 Cisco WEB Security Appliance 9.0_Base Cisco WEB Security Appliance 7.5.0-825 Cisco WEB Security Appliance 7.7.0-608 Cisco WEB Security Appliance 8.8.0-000 Cisco WEB Security Appliance 8.0.0-000 Cisco WEB Security Appliance 8.5.2-024 Cisco WEB Security Appliance 7.5.0-000 Cisco WEB Security Appliance 8.5.2-027 Cisco WEB Security Appliance 8.0.6 Cisco WEB Security Appliance 7.1.3 Cisco WEB Security Appliance 9.1_Base Cisco WEB Security Appliance 7.1.2 Cisco WEB Security Appliance 8.0.8-Mr-113 Cisco WEB Security Appliance 8.5.0-497 Cisco WEB Security Appliance 9.1.0-000 Cisco WEB Security Appliance 8.8.0-085 Cisco WEB Security Appliance 7.5.1-000 Cisco WEB Security Appliance 6.0.0-000 Cisco WEB Security Appliance 5.6.0-623 Cisco WEB Security Appliance 9.0.0-193 Cisco WEB Security Appliance 7.7.5-835 Cisco WEB Security Appliance 8.5.1-021 Cisco WEB Security Appliance 9.5_Base Cisco WEB Security Appliance 8.0.5 Cisco WEB Security Appliance 8.0.6-119 Cisco WEB Security Appliance 9.1.0-070 Cisco WEB Security Appliance 7.7.0-000 Cisco WEB Security Appliance 9.5.0-444 Cisco WEB Security Appliance 7.7.1-000	41

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References