PT-2015-7172 · Cisco · Cisco Email Security Appliance
Published: 2015-10-02 · Updated: 2018-10-30 · CVE-2015-6309
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cisco Email Security Appliance (ESA) versions 8.5.6-106 through 9.6.0-042
Description
The issue allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests.
Recommendations
For versions 8.5.6-106 through 9.6.0-042, consider restricting HTTP access to the appliance until a patch is available.
As a temporary workaround, limit the number of concurrent HTTP requests to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Email Security Appliance