CVE-2013-5512: Race Condition
First published: Sun Oct 13 2013(Updated: )
Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.5), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.4), 9.0.x before 9.0(1.4), and 9.1.x before 9.1(1.2), in certain conditions involving the spoof-server option or ActiveX or Java response inspection, allows remote attackers to cause a denial of service (device reload) via a crafted HTTP response, aka Bug ID CSCud37992.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Adaptive Security Appliance | =8.2 | |
| Cisco Adaptive Security Appliance | =8.2\(1\) | |
| Cisco Adaptive Security Appliance | =8.2\(2\) | |
| Cisco Adaptive Security Appliance | =8.2\(3\) | |
| Cisco Adaptive Security Appliance | =8.2\(3.9\) | |
| Cisco Adaptive Security Appliance | =8.2\(4\) | |
| Cisco Adaptive Security Appliance | =8.2\(4.1\) | |
| Cisco Adaptive Security Appliance | =8.2\(4.4\) | |
| Cisco Adaptive Security Appliance Software | =8.2\(5\) | |
| Cisco Adaptive Security Appliance Software | =8.2\(5.35\) | |
| Cisco Adaptive Security Appliance Software | =8.2\(5.38\) | |
| Cisco Adaptive Security Appliance Software | =8.3\(1\) | |
| Cisco Adaptive Security Appliance Software | =8.3\(2\) | |
| Cisco Adaptive Security Appliance Software | =8.3\(2.34\) | |
| Cisco Adaptive Security Appliance Software | =8.3\(2.37\) | |
| Cisco Adaptive Security Appliance Software | =8.4 | |
| Cisco Adaptive Security Appliance Software | =8.4\(1\) | |
| Cisco Adaptive Security Appliance Software | =8.4\(1.11\) | |
| Cisco Adaptive Security Appliance Software | =8.4\(2\) | |
| Cisco Adaptive Security Appliance Software | =8.4\(2.11\) | |
| Cisco Adaptive Security Appliance Software | =8.4\(3\) | |
| Cisco Adaptive Security Appliance Software | =8.4\(4.11\) | |
| Cisco Adaptive Security Appliance Software | =8.4\(5\) | |
| Cisco Adaptive Security Appliance Software | =8.5 | |
| Cisco Adaptive Security Appliance Software | =8.5\(1\) | |
| Cisco Adaptive Security Appliance Software | =8.5\(1.17\) | |
| Cisco Adaptive Security Appliance Software | =8.6 | |
| Cisco Adaptive Security Appliance Software | =8.6\(1\) | |
| Cisco Adaptive Security Appliance Software | =8.6\(1.3\) | |
| Cisco Adaptive Security Appliance Software | =8.6\(1.10\) | |
| Cisco Adaptive Security Appliance Software | =8.7\(1.3\) | |
| Cisco Adaptive Security Appliance Software | =9.0 | |
| Cisco Adaptive Security Appliance Software | =9.1 | |
| Cisco Adaptive Security Appliance Software | =8.2 | |
| Cisco Adaptive Security Appliance Software | =8.2\(1\) | |
| Cisco Adaptive Security Appliance Software | =8.2\(2\) | |
| Cisco Adaptive Security Appliance Software | =8.2\(3\) | |
| Cisco Adaptive Security Appliance Software | =8.2\(3.9\) | |
| Cisco Adaptive Security Appliance Software | =8.2\(4\) | |
| Cisco Adaptive Security Appliance Software | =8.2\(4.1\) | |
| Cisco Adaptive Security Appliance Software | =8.2\(4.4\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-5512?
CVE-2013-5512 has a high severity rating due to the potential for a remote attacker to exploit the race condition in the Cisco Adaptive Security Appliance (ASA) software.
How do I fix CVE-2013-5512?
To fix CVE-2013-5512, upgrade the Cisco Adaptive Security Appliance software to a version that is patched or not affected, specifically 8.2(5.46), 8.3(2.39), 8.4(5.5), or later.
What systems are affected by CVE-2013-5512?
CVE-2013-5512 affects multiple versions of Cisco Adaptive Security Appliance Software including 8.2.x, 8.3.x, 8.4.x, 8.5.x, 8.6.x, 8.7.x, 9.0.x, and 9.1.x prior to their respective fixed versions.
What kind of attack does CVE-2013-5512 enable?
CVE-2013-5512 enables remote attackers to bypass intended access controls and potentially launch further attacks on the affected systems.
Is there any workaround for CVE-2013-5512?
There are no documented workarounds for CVE-2013-5512; the only recommended solution is to apply the appropriate software updates.
- agent/references
- agent/author
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco adaptive security appliance
- version/cisco adaptive security appliance/8.2
- version/cisco adaptive security appliance/8.2\(1\)
- version/cisco adaptive security appliance/8.2\(2\)
- version/cisco adaptive security appliance/8.2\(3\)
- version/cisco adaptive security appliance/8.2\(3.9\)
- version/cisco adaptive security appliance/8.2\(4\)
- version/cisco adaptive security appliance/8.2\(4.1\)
- version/cisco adaptive security appliance/8.2\(4.4\)
- canonical/cisco adaptive security appliance software
- version/cisco adaptive security appliance software/8.2\(5\)
- version/cisco adaptive security appliance software/8.2\(5.35\)
- version/cisco adaptive security appliance software/8.2\(5.38\)
- version/cisco adaptive security appliance software/8.3\(1\)
- version/cisco adaptive security appliance software/8.3\(2\)
- version/cisco adaptive security appliance software/8.3\(2.34\)
- version/cisco adaptive security appliance software/8.3\(2.37\)
- version/cisco adaptive security appliance software/8.4
- version/cisco adaptive security appliance software/8.4\(1\)
- version/cisco adaptive security appliance software/8.4\(1.11\)
- version/cisco adaptive security appliance software/8.4\(2\)
- version/cisco adaptive security appliance software/8.4\(2.11\)
- version/cisco adaptive security appliance software/8.4\(3\)
- version/cisco adaptive security appliance software/8.4\(4.11\)
- version/cisco adaptive security appliance software/8.4\(5\)
- version/cisco adaptive security appliance software/8.5
- version/cisco adaptive security appliance software/8.5\(1\)
- version/cisco adaptive security appliance software/8.5\(1.17\)
- version/cisco adaptive security appliance software/8.6
- version/cisco adaptive security appliance software/8.6\(1\)
- version/cisco adaptive security appliance software/8.6\(1.3\)
- version/cisco adaptive security appliance software/8.6\(1.10\)
- version/cisco adaptive security appliance software/8.7\(1.3\)
- version/cisco adaptive security appliance software/9.0
- version/cisco adaptive security appliance software/9.1
- version/cisco adaptive security appliance software/8.2
- version/cisco adaptive security appliance software/8.2\(1\)
- version/cisco adaptive security appliance software/8.2\(2\)
- version/cisco adaptive security appliance software/8.2\(3\)
- version/cisco adaptive security appliance software/8.2\(3.9\)
- version/cisco adaptive security appliance software/8.2\(4\)
- version/cisco adaptive security appliance software/8.2\(4.1\)
- version/cisco adaptive security appliance software/8.2\(4.4\)