Advisory ID: cisco-sa-20151104-wsa2
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+-----------------------------
Summary
=======
A vulnerability in the file-range request functionality of Cisco AsyncOS
for Cisco Web Security Appliance (WSA) could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an
appliance because the appliance runs out of system memory.
The vulnerability is due to a failure to free memory when a file range
is requested through the Cisco WSA. An attacker could exploit this
vulnerability by opening multiple connections that request file ranges
through the WSA. A successful exploit could allow the attacker to cause
the WSA to stop passing traffic when enough memory is used and not freed.
Cisco has released software updates that address this vulnerability.
A workaround that mitigates this vulnerability is also available.
This advisory is available at the following link:
http://tools.cisco.com/
Komentarų nėra:
Rašyti komentarą