Guest

Preview Tool

Cisco Bug: CSCun82081 - WSA HTTP Header Validation

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases

7.7.0-608 8.0.0-501 8.0.5-070

Description (partial)

Symptom:
Nessus scanner may flag WSA as vulnerable to ''Infinite Request attack''.
Cisco has analyzed this issue and, while the product is resilient to the attack, so no crash or performance hit are noticed, it is still
accepting and processing the crafted HTTP request.

This bug is open to make sure the product implement better sanitation techniques.

Conditions:
none
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.