All the vulnerabilites related to cisco - content_security_management
cve-2013-3386
Vulnerability from cvelistv5
Published
2013-06-27 21:00
Modified
2024-09-16 22:41
Severity ?
EPSS score ?
Summary
The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.
References
▼ | URL | Tags |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma | vendor-advisory, x_refsource_CISCO | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.995Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-27T21:00:00Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-3386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-3386", "datePublished": "2013-06-27T21:00:00Z", "dateReserved": "2013-05-06T00:00:00Z", "dateUpdated": "2024-09-16T22:41:27.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3385
Vulnerability from cvelistv5
Published
2013-06-27 21:00
Modified
2024-09-16 17:58
Severity ?
EPSS score ?
Summary
The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.
References
▼ | URL | Tags |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa | vendor-advisory, x_refsource_CISCO | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma | vendor-advisory, x_refsource_CISCO | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-27T21:00:00Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-3385", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-3385", "datePublished": "2013-06-27T21:00:00Z", "dateReserved": "2013-05-06T00:00:00Z", "dateUpdated": "2024-09-16T17:58:38.931Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3384
Vulnerability from cvelistv5
Published
2013-06-27 21:00
Modified
2024-09-16 18:09
Severity ?
EPSS score ?
Summary
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579.
References
▼ | URL | Tags |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa | vendor-advisory, x_refsource_CISCO | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma | vendor-advisory, x_refsource_CISCO | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-06-27T21:00:00Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-3384", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-3384", "datePublished": "2013-06-27T21:00:00Z", "dateReserved": "2013-05-06T00:00:00Z", "dateUpdated": "2024-09-16T18:09:15.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2013-06-27 21:55
Modified
2024-11-21 01:53
Severity ?
Summary
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | ironport_asyncos | * | |
cisco | ironport_asyncos | 7.2 | |
cisco | ironport_asyncos | 7.3 | |
cisco | ironport_asyncos | 7.5 | |
cisco | ironport_asyncos | 7.6 | |
cisco | ironport_asyncos | 7.7 | |
cisco | ironport_asyncos | 7.8 | |
cisco | ironport_asyncos | 7.9 | |
cisco | content_security_management | - | |
cisco | web_security_appliance | - | |
cisco | email_security_appliance_firmware | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFD8A32D-FEF9-45E5-8585-B9745387B28F", "versionEndIncluding": "7.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A3AEF753-45FF-4681-8FEE-ECFAC075B60C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A5C0DD8C-4865-46F9-AA25-A468F9DB35F9", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A8B29C05-CC5F-429F-A77B-73C5D6052C12", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F82B4FD-20BF-49A7-B0EA-8109B0BEA848", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "8784ABD6-7084-4085-ADCE-4FC1BCEBE0FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.8:*:*:*:*:*:*:*", "matchCriteriaId": "308D3736-3EFD-4183-A852-58ABDBF35B13", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.9:*:*:*:*:*:*:*", "matchCriteriaId": "5DFFBC92-3D52-4FA6-AB46-A774B9A9C6DB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:content_security_management:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F1C1929-DBDA-42CE-A497-CAE0540F2174", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F24CCD0-DFAB-44D9-B29A-A6D925A83C93", "vulnerable": false }, { "criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BA3A518-E103-4D98-A040-88ED4E0D73CC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579." }, { "lang": "es", "value": "El framework web de IronPort AsyncOS en dispositivos Cisco Web Security Appliance antes v7.1.3-013, v7.5 antes de v7.5.0-838, y v7.7 antes de v7.7.0-550, dispositivos Email Security Appliance antes de v7.1.5-104, v7.3 antes de v7.3.2-026, v7.5 antes v7.5.2-203 y v7.6 antes v7.6.3-019, y dispositivos Content Security Management Appliance antes de v7.2.2-110, v7.7 antes de v7.7.0-213 y v7.8 y v7.9 antes de 7.9.1-102 permite a los usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de entrada de l\u00ednea de comandos dise\u00f1ado en una URL, tambi\u00e9n conocido como Bug ID CSCzv85726, CSCzv44633 y CSCzv24579." } ], "id": "CVE-2013-3384", "lastModified": "2024-11-21T01:53:31.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-06-27T21:55:07.023", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" }, { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-06-27 21:55
Modified
2024-11-21 01:53
Severity ?
Summary
The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | ironport_asyncos | * | |
cisco | ironport_asyncos | 7.3 | |
cisco | ironport_asyncos | 7.5 | |
cisco | ironport_asyncos | 7.6 | |
cisco | ironport_asyncos | 7.9 | |
cisco | ironport_asyncos | 8.0 | |
cisco | content_security_management | - | |
cisco | email_security_appliance_firmware | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B65E15B-9680-4A77-A579-96F250D1AF88", "versionEndIncluding": "7.1.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A5C0DD8C-4865-46F9-AA25-A468F9DB35F9", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A8B29C05-CC5F-429F-A77B-73C5D6052C12", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F82B4FD-20BF-49A7-B0EA-8109B0BEA848", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.9:*:*:*:*:*:*:*", "matchCriteriaId": "5DFFBC92-3D52-4FA6-AB46-A774B9A9C6DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEBB85CD-0DE0-49CF-80F2-4E343F3E151E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:content_security_management:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F1C1929-DBDA-42CE-A497-CAE0540F2174", "vulnerable": false }, { "criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BA3A518-E103-4D98-A040-88ED4E0D73CC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712." }, { "lang": "es", "value": "El componente de IronPort Spam Quarantine (ISQ) en el framework web de IronPort AsyncOS en dispositivos Cisco Email Security Appliance anteriores a v7.1.5-106 y v7.3, v7.5 y v7.6 antes de v7.6.3-019 y dispositivos Content Security Management Appliance antes de v7.9.1 -102 y v8.0 antes de v8.0.0-404 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio o cuelgue) a trav\u00e9s de una alta tasa de intentos de conexi\u00f3n TCP, identificadores de incidencias tambi\u00e9n conocido como CSCzv25573 y CSCzv81712." } ], "id": "CVE-2013-3386", "lastModified": "2024-11-21T01:53:32.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-06-27T21:55:07.090", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" }, { "source": "ykramarz@cisco.com", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-06-27 21:55
Modified
2024-11-21 01:53
Severity ?
Summary
The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | ironport_asyncos | * | |
cisco | ironport_asyncos | 7.2 | |
cisco | ironport_asyncos | 7.3 | |
cisco | ironport_asyncos | 7.5 | |
cisco | ironport_asyncos | 7.6 | |
cisco | ironport_asyncos | 7.7 | |
cisco | ironport_asyncos | 7.8 | |
cisco | ironport_asyncos | 7.9 | |
cisco | content_security_management | - | |
cisco | web_security_appliance | - | |
cisco | email_security_appliance_firmware | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFD8A32D-FEF9-45E5-8585-B9745387B28F", "versionEndIncluding": "7.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A3AEF753-45FF-4681-8FEE-ECFAC075B60C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A5C0DD8C-4865-46F9-AA25-A468F9DB35F9", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A8B29C05-CC5F-429F-A77B-73C5D6052C12", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "1F82B4FD-20BF-49A7-B0EA-8109B0BEA848", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "8784ABD6-7084-4085-ADCE-4FC1BCEBE0FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.8:*:*:*:*:*:*:*", "matchCriteriaId": "308D3736-3EFD-4183-A852-58ABDBF35B13", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ironport_asyncos:7.9:*:*:*:*:*:*:*", "matchCriteriaId": "5DFFBC92-3D52-4FA6-AB46-A774B9A9C6DB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:content_security_management:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F1C1929-DBDA-42CE-A497-CAE0540F2174", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F24CCD0-DFAB-44D9-B29A-A6D925A83C93", "vulnerable": false }, { "criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BA3A518-E103-4D98-A040-88ED4E0D73CC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669." }, { "lang": "es", "value": "La interfaz de gesti\u00f3n en el framwork web de IronPort AsyncOS en dispositivos Cisco Web Security Appliance antes de v7.1.3-013, antes de v7.5.0-838 v7.5, y v7.7 antes de v7.7.0-602; Email Security Appliance dispositivos antes de v7.1.5-106 y v7.3, v7.5 y v7.6 antes de v7.6.3-019; y dispositivos Content Security Management Appliance antes de v7.9.1-102 y v8.0 antes v8.0.0-404 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue del sistema) a trav\u00e9s de una serie de (1) o HTTP (2) solicitudes HTTPS a una interfaz de gesti\u00f3n, tambi\u00e9n conocido como Bug ID CSCzv58669, CSCzv63329 y CSCzv78669." } ], "id": "CVE-2013-3385", "lastModified": "2024-11-21T01:53:31.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-06-27T21:55:07.057", "references": [ { "source": "ykramarz@cisco.com", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" }, { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "source": "ykramarz@cisco.com", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }