CVE-2013-5537

Name of the Vulnerable Software and Affected Versions Cisco Web Security Appliance (WSA) (affected versions not specified) Cisco Email Security Appliance (ESA) (affected versions not specified) Cisco Content Security Management Appliance (SMA) (affected versions not specified)

Description The issue is related to the web framework on Cisco devices, which does not properly manage the state of HTTP and HTTPS sessions. This allows remote attackers to cause a denial of service, resulting in a management GUI outage, by establishing multiple TCP connections.

Recommendations For Cisco Web Security Appliance (WSA), consider restricting access to the management GUI to minimize the risk of exploitation. For Cisco Email Security Appliance (ESA), consider implementing rate limiting on TCP connections to reduce the impact of denial of service attacks. For Cisco Content Security Management Appliance (SMA), consider temporarily disabling remote management access until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.