Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-4198

Published: 20/06/2015 Updated: 28/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Web Security Appliance

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote malicious users to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco web security appliance 8.5.0-497

Vendor Advisories

Cisco: Cisco Web Security Appliance Web Framework HTTP Header Injection Vulnerability
A vulnerability in the web framework of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could introduce arbitrary code into the web interface The vulnerability is due to insufficient validation of user input before it is used as an HTTP header value An attacker could exploi ...

References

CWE-79http://tools.cisco.com/security/center/viewAlert.x?alertId=39422http://www.securityfocus.com/bid/75326http://www.securitytracker.com/id/1032676https://nvd.nist.govhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150619-CVE-2015-4198
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook