PT-2013-5596 · Cisco · Cisco ASA
Published 2013-10-09 · Updated 2023-08-15 · CVE-2013-5512
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cisco Adaptive Security Appliance (ASA) Software versions 8.2.x through 8.2(5.45)
Cisco Adaptive Security Appliance (ASA) Software versions 8.3.x through 8.3(2.38)
Cisco Adaptive Security Appliance (ASA) Software versions 8.4.x through 8.4(5.4)
Cisco Adaptive Security Appliance (ASA) Software versions 8.5.x through 8.5(1.17)
Cisco Adaptive Security Appliance (ASA) Software versions 8.6.x through 8.6(1.11)
Cisco Adaptive Security Appliance (ASA) Software versions 8.7.x through 8.7(1.3)
Cisco Adaptive Security Appliance (ASA) Software versions 9.0.x through 9.0(1.3)
Cisco Adaptive Security Appliance (ASA) Software versions 9.1.x through 9.1(1.1)
Description
A race condition in the HTTP Deep Packet Inspection (DPI) feature allows remote attackers to cause a denial of service (device reload) via a crafted HTTP response, in certain conditions involving the spoof-server option or ActiveX or Java response inspection.
Recommendations
For versions 8.2.x, update to 8.2(5.46) or later.
For versions 8.3.x, update to 8.3(2.39) or later.
For versions 8.4.x, update to 8.4(5.5) or later.
For versions 8.5.x, update to 8.5(1.18) or later.
For versions 8.6.x, update to 8.6(1.12) or later.
For versions 8.7.x, update to 8.7(1.4) or later.
For versions 9.0.x, update to 9.0(1.4) or later.
For versions 9.1.x, update to 9.1(1.2) or later.
Fix
DoS
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Cisco ASA