Main Vulnerability Database SB2016072801

SB2016072801 - Snort rule bypass vulnerability in Cisco FireSIGHT

Published: July 28, 2016

Security Bulletin ID SB2016072801

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Snort rule bypass vulnerability (CVE-ID: CVE-2016-1463)

The vulnerability allows a remote attacker to bypass security controls on the target system.

The vulnerability exists due to improper handling of HTTP header parameters. A remote attacker can bypass configured rules that use Snort detection by sending a crafted HTTP packet to the affected device.

Successful exploitation of this vulnerability may result in unauthorized access to network resources.

Remediation

Install update from vendor's website.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-firesight