A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the malicious user to cause an unexpected restart of the proxy process on an affected device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco asyncos |
||
cisco web security appliance 10.5.2-072 |
||
cisco web security appliance 11.7.0-fcs-334 |
||
cisco web security appliance 10.5.3-025 |