CVE-2015-0624
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
21/02/2015
Last modified:
12/04/2025
Description
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.html
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624
- http://www.securityfocus.com/bid/72702
- http://www.securitytracker.com/id/1031781
- http://www.securitytracker.com/id/1031782
- http://packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.html
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624
- http://www.securityfocus.com/bid/72702
- http://www.securitytracker.com/id/1031781
- http://www.securitytracker.com/id/1031782