Cisco Bug: CSCur39155 - Cisco Web Security Appliance (WSA) Range Request DoS Vulnerability

Last Modified

Apr 19, 2017

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases

  • 8.0.6-078
  • 8.0.8-MR-113

Description (partial)

Summary
A vulnerability in the file-range request functionality of Cisco AsyncOS for Cisco Web 
Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a 
denial of service (DoS) condition on an appliance because the appliance runs out of 
system memory.

The vulnerability is due to a failure to free memory when a file range is requested 
through the Cisco WSA. An attacker could exploit this vulnerability by opening multiple 
connections that request file ranges through the WSA. A successful exploit could allow 
the attacker to cause the WSA to stop passing traffic when enough memory is used and 
not freed.
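The pattern the advisory describes, many connections from one client each requesting a file range, is visible in proxy access logs before the appliance runs out of memory. The following Python is an added illustration, not Cisco code: it parses a constructed, generic access-log format (the WSA's own accesslog fields are not reproduced here, so the regex is an assumption to adapt) and reports, per client, the peak number of Range requests seen in any short sliding window, flagging clients that exceed a threshold. The sample lines are constructed.

```python
"""Detect bursts of HTTP Range requests per client in proxy access logs.

Added example (not Cisco's code). The log line format, the field names and
the sample data below are all constructed for illustration; adapt
LINE_RE to the proxy's real access-log layout.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed format: "<ISO time> <client> <method> <url> <status> range=<yes|no>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"(?P<status>\d{3}) range=(?P<range>yes|no)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "client": m["client"],
        "status": int(m["status"]),
        "range": m["range"] == "yes",
    }


def peak_range_requests(lines, window=timedelta(seconds=10)):
    """For each client, the largest number of Range requests that fall inside
    any interval of length `window` (sliding window over sorted timestamps)."""
    events = [e for e in map(parse_line, lines) if e and e["range"]]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    peak = defaultdict(int)       # client -> highest window count seen
    for e in events:
        q = recent[e["client"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()
        peak[e["client"]] = max(peak[e["client"]], len(q))
    return dict(peak)


def flag_clients(lines, threshold=20, window=timedelta(seconds=10)):
    """Clients whose peak Range-request rate reaches the threshold."""
    counts = peak_range_requests(lines, window)
    return sorted(c for c, n in counts.items() if n >= threshold)


def _line(ts, client, rng, status=206, url="http://files.example.test/big.iso"):
    return f"{ts.isoformat()} {client} GET {url} {status} range={'yes' if rng else 'no'}"


def build_sample_log():
    """Constructed sample traffic: one bursty client, one ordinary client,
    one client that uses Range requests slowly, and one unparsable line."""
    base = datetime(2017, 4, 19, 10, 0, 0)
    lines = []
    # 198.51.100.7: 25 Range requests within about 5 seconds (the burst pattern)
    for i in range(25):
        lines.append(_line(base + timedelta(milliseconds=200 * i), "198.51.100.7", True))
    # 203.0.113.5: a normal resumable download, 3 Range requests and 2 plain GETs
    for i in range(3):
        lines.append(_line(base + timedelta(seconds=i), "203.0.113.5", True))
    for i in range(2):
        lines.append(_line(base + timedelta(seconds=5 + i), "203.0.113.5", False, status=200))
    # 192.0.2.9: 30 Range requests, but one per minute, so never inside one window
    for i in range(30):
        lines.append(_line(base + timedelta(minutes=i), "192.0.2.9", True))
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    for client, n in sorted(peak_range_requests(log).items()):
        print(f"{client}: peak {n} Range requests per 10 s window")
    print("flagged:", flag_clients(log))
```

The window and threshold are deliberately parameters: a legitimate download manager also issues several Range requests in quick succession, so tune them against a baseline of normal traffic rather than alerting on any Range use, and treat a flagged client as a reason to check the appliance's memory usage and apply the fixed release rather than as proof of an attack.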

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0

CVE ID CVE-2015-6293 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Symptom:
As described in the Summary above.

Conditions:
As described in the Summary above.
