var-201502-0152
Vulnerability from variot
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. Vendors have confirmed this vulnerability CSCur44412 , CSCur44415 , CSCur89630 , CSCur89636 , CSCur89633 ,and CSCur89639 It is released as.Skillfully crafted by a third party HTTP A redirect may be triggered via the header. Cisco AsyncOS is a set of operating systems used in these products. Cisco AsyncOS Software is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This issue is being tracked by Cisco Bug ID's CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. The following products are affected: ESA, Content SMA, WSA
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "email security appliance",
"scope": "eq",
"trust": 2.2,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "asyncos",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "asyncos 8.5"
},
{
"model": "e email security the appliance",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "(asyncos 8.5 )"
},
{
"model": "web security the appliance",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "(asyncos 8.5 )"
},
{
"model": "content security management appliance",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "(asyncos 8.3 )"
},
{
"model": "content security management appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "email security appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0624"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Glafkos Charalambous",
"sources": [
{
"db": "BID",
"id": "72702"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0624",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0624",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-01347",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-78570",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0624",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-01347",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-379",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78570",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0624",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. Vendors have confirmed this vulnerability CSCur44412 , CSCur44415 , CSCur89630 , CSCur89636 , CSCur89633 ,and CSCur89639 It is released as.Skillfully crafted by a third party HTTP A redirect may be triggered via the header. Cisco AsyncOS is a set of operating systems used in these products. Cisco AsyncOS Software is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker can leverage this issue to conduct phishing attacks; other attacks are possible. \nThis issue is being tracked by Cisco Bug ID\u0027s CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. The following products are affected: ESA, Content SMA, WSA",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0624"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "BID",
"id": "72702"
},
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "VULMON",
"id": "CVE-2015-0624"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-78570",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78570"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0624",
"trust": 3.5
},
{
"db": "BID",
"id": "72702",
"trust": 1.5
},
{
"db": "PACKETSTORM",
"id": "130525",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1031781",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1031782",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01347",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78570",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-0624",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"db": "BID",
"id": "72702"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
]
},
"id": "VAR-201502-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "VULHUB",
"id": "VHN-78570"
}
],
"trust": 1.1425819499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
}
]
},
"last_update_date": "2023-12-18T13:53:19.032000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco AsyncOS Software HTTP Redirect Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0624"
},
{
"title": "37544",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37544"
},
{
"title": "Cisco AsyncOS Web Framework Input Patch for Validation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/55644"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0624"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/72702"
},
{
"trust": 1.3,
"url": "http://packetstormsecurity.com/files/130525/cisco-ironport-asyncos-http-header-injection.html"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1031781"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1031782"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0624"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0624"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"db": "BID",
"id": "72702"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "VULHUB",
"id": "VHN-78570"
},
{
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"db": "BID",
"id": "72702"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"db": "NVD",
"id": "CVE-2015-0624"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"date": "2015-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-78570"
},
{
"date": "2015-02-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"date": "2015-02-20T00:00:00",
"db": "BID",
"id": "72702"
},
{
"date": "2015-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"date": "2015-02-21T11:59:02.920000",
"db": "NVD",
"id": "CVE-2015-0624"
},
{
"date": "2015-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-78570"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0624"
},
{
"date": "2015-03-08T16:02:00",
"db": "BID",
"id": "72702"
},
{
"date": "2015-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001580"
},
{
"date": "2018-10-30T16:27:22.513000",
"db": "NVD",
"id": "CVE-2015-0624"
},
{
"date": "2015-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco AsyncOS Web Framework Input Validation Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01347"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-379"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.