PT-2016-6881 · Cisco · Web Security Appliance+1

Published

2016-09-17

Updated

2017-07-30

CVE-2016-6407

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS versions prior to 9.5.0-444 on Web Security Appliance (WSA) devices

Description The issue allows remote attackers to cause a denial of service, specifically link saturation, by making many HTTP requests for overlapping byte ranges simultaneously.

Recommendations For Cisco AsyncOS versions prior to 9.5.0-444, update to version 9.5.0-444 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2016-6407

Affected Products

Cisco Asyncos

Web Security Appliance

PT-2016-6881 · Cisco · Web Security Appliance+1

CVE-2016-6407

Weakness Enumeration

Related Identifiers

Affected Products

References · 5