Published: 20/01/2016 Updated: 07/12/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote malicious users to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.

Vendor Advisories

A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an improper HTTP method. A successful exploit could allow ...

Recent Articles

Cisco patches borked web box proxy hole
The Register • Team Register • 20 Jan 2016

Malformed HTTP methods blamed

Cisco has patched a vulnerability in its Web Security Appliance that allows unauthenticated remote attackers to bypass security controls.
The bug (CVE-2016-1296) allows attackers to use proxies when such traffic should be restricted.
Affected users of versions 8.5.3-055, 9.1.0-000, and 9.5.0-235 should apply the released fix. With all due haste, please, as no workarounds are available.
The Borg says the hole is thanks to malformed HTTP methods.
"A vulnerability in the pro...