PT-2015-7172 · Cisco · Cisco Email Security Appliance

Publicado

2015-10-02

Atualizado

2018-10-30

CVE-2015-6309

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Cisco Email Security Appliance (ESA) versions 8.5.6-106 through 9.6.0-042

Description The issue allows remote authenticated users to cause a denial of service, resulting in file-descriptor consumption and device reload, via crafted HTTP requests.

Recommendations For versions 8.5.6-106 through 9.6.0-042, consider restricting access to HTTP requests until a patch is available. As a temporary workaround, limit the number of concurrent HTTP requests to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2015-6309

Produtos afetados

Cisco Email Security Appliance

PT-2015-7172 · Cisco · Cisco Email Security Appliance

CVE-2015-6309

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3