Improper input validation in Advanced Secure Gateway and ProxySG - CVE-2017-13677
Published: May 7, 2018
Vulnerability identifier: #VU12393
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-13677
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Broadcom
Affected software:
Advanced Secure Gateway
ProxySG
Advanced Secure Gateway
ProxySG
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists due to improper handling of HTTP requests. A remote attacker can send specially crafted HTTP/HTTPS requests and cause the service to crash.
The weakness exists due to improper handling of HTTP requests. A remote attacker can send specially crafted HTTP/HTTPS requests and cause the service to crash.
How to mitigate CVE-2017-13677
Install update from vendor's website.