Published: 17/09/2016 Updated: 30/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Cisco AsyncOS up to and including 9.5.0-444 on Web Security Appliance (WSA) devices allows remote malicious users to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco web security appliance 7.7.0-000
cisco web security appliance 7.1.1
cisco web security appliance 8.5.0.000
cisco web security appliance 8.5.0-497
cisco web security appliance 8.0.7-142
cisco web security appliance 8.5.2-024
cisco web security appliance 8.5.1-021
cisco web security appliance 8.5.3-055
cisco web security appliance 8.8.0-085
cisco web security appliance 7.5.2-hp2-303
cisco web security appliance 7.1.4
cisco web security appliance 7.5.1-000
cisco web security appliance 8.0.0-000
cisco web security appliance 8.5.2-027
cisco web security appliance 8.0.7
cisco web security appliance 6.0.0-000
cisco web security appliance 7.5.0-825
cisco web security appliance 9.1.0-000
cisco web security appliance 9.1.0-070
cisco web security appliance 9.5.0-444
cisco web security appliance 7.1.2
cisco web security appliance 7.1.3
cisco web security appliance 9.0_base
cisco web security appliance 9.0.0-193
cisco web security appliance 8.0.6-119
cisco web security appliance 5.6.0-623
cisco web security appliance 9.5_base
cisco web security appliance 9.5.0-235
cisco web security appliance 9.1_base
cisco web security appliance 7.7.0-608
cisco web security appliance 7.7.5-835
cisco web security appliance 7.1.0
cisco web security appliance 7.5.0-000
cisco web security appliance 8.0.5
cisco web security appliance 8.0.6
cisco web security appliance 8.0.6-078
cisco web security appliance 8.0.8-mr-113
cisco web security appliance 7.5.2-000
cisco web security appliance 7.7.1-000
cisco web security appliance 9.5.0-284
cisco web security appliance 8.8.0-000

A vulnerability in HTTP request forwarding with Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to link saturation The vulnerability is due to how HTTP data ranges are downloaded from the destination server An attacker could exploit this vulnera ...

CWE-399 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wsa http://www.securityfocus.com/bid/92955 http://www.securitytracker.com/id/1036829 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wsa

CVE-2016-6407

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect