CVE-2015-0624: Input Validation
First published: Sat Feb 21 2015(Updated: )
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Content Security Management Virtual Appliance | ||
| Cisco Web Security Appliance | ||
| Cisco Email Security Appliance Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0624?
CVE-2015-0624 is considered a medium severity vulnerability that can lead to unauthorized redirects.
How do I fix CVE-2015-0624?
To mitigate CVE-2015-0624, update your Cisco devices to the latest firmware that addresses this vulnerability.
Which Cisco products are affected by CVE-2015-0624?
CVE-2015-0624 affects the Cisco Email Security Appliance, Content Security Management Appliance, and Web Security Appliance.
What type of attack can be executed using CVE-2015-0624?
Attackers can exploit CVE-2015-0624 to execute HTTP header injection attacks, leading to potential redirects.
Is there a workaround for CVE-2015-0624?
There are no official workarounds for CVE-2015-0624; updating the affected products is recommended.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco content security management virtual appliance
- canonical/cisco web security appliance
- canonical/cisco email security appliance firmware