PT-2015-6501 · Cisco · Cisco Content Security Management Appliance+2
Publicado
2015-07-29
·
Atualizado
2015-07-29
·
CVE-2015-4288
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Web Security Appliance (WSA) version 8.5.0-000
Cisco Email Security Appliance (ESA) version 8.5.7-042
Cisco Content Security Management Appliance (SMA) version 8.3.6-048
Description
The issue concerns the LDAP implementation, which fails to verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Recommendations
For Cisco Web Security Appliance (WSA) version 8.5.0-000, update to a version that includes the fix for this issue.
For Cisco Email Security Appliance (ESA) version 8.5.7-042, update to a version that includes the fix for this issue.
For Cisco Content Security Management Appliance (SMA) version 8.3.6-048, update to a version that includes the fix for this issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Content Security Management Appliance
Cisco Email Security Appliance
Cisco Web Security Appliance