Main Vulnerability Database SB2016062902

SB2016062902 - Resource exhaustion in Cisco Web Security Appliance

Published: June 29, 2016 Updated: November 22, 2018

Security Bulletin ID SB2016062902

CSH Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Resource exhaustion (CVE-ID: CVE-2016-1440)

The vulnerability allows a remote attacker to consume excessive CPU resources on the target system.

The vulnerability exists due to state error in Cisco Web Security Appliance. A remote unauthenticated attacker can consume excessive CPU resources on the target system by closing specially crafted FTP connections through the target system to trigger a flaw in the native pass-through FTP function.

Successful exploitation of this vulnerability may result in denial of vulnerable system

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160627-wsa

SB2016062902 - Resource exhaustion in Cisco Web Security Appliance

Breakdown by Severity

Description

Remediation

References

Please verify you're human