Cisco Bug: CSCur39155 - Cisco Web Security Appliance (WSA) Range Request DoS Vulnerability

Last Modified

Mar 04, 2018

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases

  • 8.0.6-078
  • 8.0.8-MR-113

Description (partial)

Summary
A vulnerability in the file-range request functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an appliance because the appliance runs out of system memory.

The vulnerability is due to a failure to free memory when a file range is requested through the Cisco WSA. An attacker could exploit this vulnerability by opening multiple connections that request file ranges through the WSA. A successful exploit could allow the attacker to cause the WSA to stop passing traffic when enough memory is used and not freed.
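The traffic pattern the description gives (one source opening many connections that each request a file range) is what a defender can look for in proxy access logs while the appliance is still on an affected release. The script below is an added example, not Cisco's code and not a WSA feature: it takes "file range" to mean an HTTP Range (byte-range) request, and the log layout it parses (one record per line: ISO-8601 timestamp, client IP, method, URL, HTTP status, and the request's Range header or '-') is an assumption constructed for the example, not the WSA's native accesslog format. The sample log lines are likewise constructed inline.

```python
"""Flag clients that push many HTTP Range requests through a proxy in a short window.

Added example, not Cisco's code. The log layout is an assumption made for this
example; it is not the WSA accesslog format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed, generic proxy access-log layout (constructed for this example):
#   <ISO timestamp> <client_ip> <method> <url> <status> range=<Range value or ->
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) range=(?P<range>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed record, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["is_range"] = rec["range"] != "-"
    return rec


def find_range_floods(lines, window=timedelta(seconds=60), threshold=50):
    """Sliding-window count of Range requests per client.

    Returns {client_ip: peak_count} for every client that reaches `threshold`
    Range requests inside any `window`. Lines must be in timestamp order.
    """
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["is_range"]:
            continue
        q = recent[rec["client"]]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[rec["client"]] = max(peaks.get(rec["client"], 0), len(q))
    return peaks


def build_sample_log():
    """Constructed sample: one client hammering byte ranges, one ordinary client."""
    base = datetime(2015, 10, 1, 12, 0, 0)
    records = []
    for i in range(80):  # 80 Range requests in 40 seconds from 10.1.1.5
        ts = base + timedelta(milliseconds=500 * i)
        records.append(
            f"{ts.isoformat()} 10.1.1.5 GET http://files.example.test/big.iso 206 "
            f"range=bytes={i * 1024}-{i * 1024 + 1023}"
        )
    for i in range(5):  # an ordinary client: 5 requests, 3 of them with a Range header
        ts = base + timedelta(seconds=9 * i)
        rng = "bytes=0-1023" if i % 2 == 0 else "-"
        records.append(
            f"{ts.isoformat()} 10.1.1.9 GET http://www.example.test/page.html 200 range={rng}"
        )
    records.sort(key=lambda rec: parse_line(rec)["ts"])
    return records


if __name__ == "__main__":
    for client, peak in find_range_floods(build_sample_log()).items():
        print(f"{client}: {peak} Range requests inside one 60 s window")
```

The threshold and window are tuning knobs: download managers and media players legitimately issue bursts of Range requests, so on real traffic the numbers should be set from a baseline of the proxy's own logs rather than taken from this example.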

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-6293 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Related Community Discussions

Alerts about key
Hi Team. We have received some alerts like these in the ESA; let me know if it does not have an impact on the ESA's performance and if we can ignore this kind of alert: An application fault occurred: ('egg/dict_utils.py handle_duplicate|35', "<type 'exceptions.ValueError'>", "Key 'case' is already registered.", '[_coro.pyx coro._coro._wrap1 (coro/_coro.c:8477)|757] [heimdall/child.py _logger|681] [heimdall/child.py _add_log_subscription|541] [qlog/config_glue.py add_internal_subscription|366] [egg/dict_utils.py ...
Latest activity: Feb 09, 2016