var-201310-0520
Vulnerability from variot
The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. A third party may be able to disrupt service (stop the management GUI) via multiple TCP connections. Cisco is the world's leading provider of Internet solutions. A denial of service vulnerability exists in Cisco Appliances. A remote attacker could exploit this vulnerability to render the affected device unresponsive, resulting in a denial of service. This issue is being tracked by Cisco Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. ESA is an email security appliance. Content SMA is a content security management appliance. There is a denial-of-service vulnerability in the GUI function of the web framework. The vulnerability stems from the fact that the program does not properly manage the connection process of HTTP and HTTPS. The following devices are affected: Cisco WSA, ESA, Content SMA.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201310-0520", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "email security appliance", "scope": "eq", "trust": 2.2, "vendor": "cisco", "version": null }, { "model": "web security appliance", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": null }, { "model": "content security management appliance", "scope": 
"eq", "trust": 1.6, "vendor": "cisco", "version": null }, { "model": "e email security the appliance", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "web security the appliance", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "content security management appliance", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "web security appliance", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14075" }, { "db": "JVNDB", "id": "JVNDB-2013-004877" }, { "db": "NVD", "id": "CVE-2013-5537" }, { "db": "CNNVD", "id": "CNNVD-201310-610" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-5537" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco", "sources": [ { "db": "BID", "id": "63280" } ], "trust": 0.3 }, "cve": "CVE-2013-5537", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2013-5537", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2013-14075", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", 
"accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-65539", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-5537", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2013-14075", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201310-610", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-65539", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14075" }, { "db": "VULHUB", "id": "VHN-65539" }, { "db": "JVNDB", "id": "JVNDB-2013-004877" }, { "db": "NVD", "id": "CVE-2013-5537" }, { "db": "CNNVD", "id": "CNNVD-201310-610" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. Vendors have confirmed this vulnerability Bug ID CSCuj59411 , CSCuf89818 ,and CSCuh05635 It is released as.Multiple third parties TCP Service disruption via connection ( management GUI Stop ) There is a possibility of being put into a state. Cisco is the world\u0027s leading provider of Internet solutions. A denial of service vulnerability exists in Cisco Appliances. 
A remote attacker could exploit this vulnerability to render the affected device unresponsive, resulting in a denial of service. \nThis issue is being tracked by Cisco Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. ESA is an email security appliance. Content SMA is a set of content security management equipment. There is a denial-of-service vulnerability in the GUI function of the web framework. The vulnerability stems from the fact that the program does not properly manage the connection process of HTTP and HTTPS. The following devices are affected: Cisco WSA, ESA, Content SMA", "sources": [ { "db": "NVD", "id": "CVE-2013-5537" }, { "db": "JVNDB", "id": "JVNDB-2013-004877" }, { "db": "CNVD", "id": "CNVD-2013-14075" }, { "db": "BID", "id": "63280" }, { "db": "VULHUB", "id": "VHN-65539" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-5537", "trust": 3.4 }, { "db": "BID", "id": "63280", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2013-004877", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201310-610", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2013-14075", "trust": 0.6 }, { "db": "CISCO", "id": "20131022 CISCO WSA, ESA, AND SMA MANAGEMENT GUI DENIAL OF SERVICE VULNERABILITY", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-65539", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14075" }, { "db": "VULHUB", "id": "VHN-65539" }, { "db": "BID", "id": "63280" }, { "db": "JVNDB", "id": "JVNDB-2013-004877" }, { "db": "NVD", "id": "CVE-2013-5537" }, { "db": "CNNVD", "id": "CNNVD-201310-610" } ] }, "id": "VAR-201310-0520", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, 
"sources": [ { "db": "CNVD", "id": "CNVD-2013-14075" }, { "db": "VULHUB", "id": "VHN-65539" } ], "trust": 1.1425819499999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14075" } ] }, "last_update_date": "2023-12-18T13:39:59.261000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5537" }, { "title": "31434", "trust": 0.8, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=31434" }, { "title": "Patches for multiple Cisco Appliances denial of service vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/40533" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14075" }, { "db": "JVNDB", "id": "JVNDB-2013-004877" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-65539" }, { "db": "JVNDB", "id": "JVNDB-2013-004877" }, { "db": "NVD", "id": "CVE-2013-5537" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 
2.3, "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5537" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5537" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5537" }, { "trust": 0.3, "url": "http://www.cisco.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14075" }, { "db": "VULHUB", "id": "VHN-65539" }, { "db": "BID", "id": "63280" }, { "db": "JVNDB", "id": "JVNDB-2013-004877" }, { "db": "NVD", "id": "CVE-2013-5537" }, { "db": "CNNVD", "id": "CNNVD-201310-610" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2013-14075" }, { "db": "VULHUB", "id": "VHN-65539" }, { "db": "BID", "id": "63280" }, { "db": "JVNDB", "id": "JVNDB-2013-004877" }, { "db": "NVD", "id": "CVE-2013-5537" }, { "db": "CNNVD", "id": "CNNVD-201310-610" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-10-25T00:00:00", "db": "CNVD", "id": "CNVD-2013-14075" }, { "date": "2013-10-24T00:00:00", "db": "VULHUB", "id": "VHN-65539" }, { "date": "2013-10-22T00:00:00", "db": "BID", "id": "63280" }, { "date": "2013-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-004877" }, { "date": "2013-10-24T10:53:09.897000", "db": "NVD", "id": "CVE-2013-5537" }, { "date": "2013-10-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201310-610" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-10-25T00:00:00", "db": "CNVD", "id": "CNVD-2013-14075" }, { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-65539" }, { "date": "2013-10-24T00:13:00", "db": "BID", "id": "63280" }, { "date": "2013-10-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-004877" }, { "date": 
"2018-10-30T16:27:22.513000", "db": "NVD", "id": "CVE-2013-5537" }, { "date": "2013-11-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201310-610" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201310-610" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Cisco Security appliance Web Service operation interruption in the framework (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-004877" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201310-610" } ], "trust": 0.6 } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.