Guest

Preview Tool

Cisco Bug: CSCus23919 - Cisco WAAS Appliances may be vulnerable to published vulnerabilities

Last Modified

Jun 29, 2018

Products (1)

  • Cisco Wide Area Application Services (WAAS) Appliances

Known Affected Releases

5.3(5c) 5.4(1a)

Description (partial)

Symptom:
Cisco Wide Area Application Services (WAAS) Appliances includes a version of the Apache HTTP server that is
affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2012-3499: Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before
2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors
involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5)
mod_status modules. This has been classified by the vendor as having a CVSSv2 score of 4.3
(AV:N/AC:M/AU:N/C:N/I:P/A:N)

CVE-2012-4558: Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the
manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x
before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a
crafted string. This has been classified by the vendor as having a CVSSv2 score of 4.3
(AV:N/AC:M/AU:N/C:N/I:P/A:N)

CVE-2013-1862: mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes
data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute
arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. This has been
classified by the vendor as having a CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 

CVE-2013-1896: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is
enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE
request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in
XML data refers to a non-DAV URI. This has been classified by the vendor as having a CVSSv2 score of 4.3
(AV:N/AC:M/AU:N/C:N/I:N/A:P)

CVE-2013-5704: The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass
''RequestHeader unset'' directives by placing a header in the trailer portion of data sent with chunked transfer
coding. NOTE: the vendor states ''this is not a security issue in httpd as such.'' This has been classified by
the vendor as having a CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:N/I:P/A:N)

CVE-2013-6438: The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server
before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers
to cause a denial of service (daemon crash) via a crafted DAV WRITE request. This has been classified by the
vendor as having a CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2014-0098: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP
Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash)
via a crafted cookie that is not properly handled during truncation. This has been classified by the vendor as
having a CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2014-0118: The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP
Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of
service (resource consumption) via crafted request data that decompresses to a much larger size. This has been
classified by the vendor as having a CVSSv2 score of 4.3 (AV:N/AC:M/AU:N/C:N/I:N/A:P)

CVE-2014-0226: Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote
attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential
information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within
the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in
modules/lua/lua_request.c. This has been classified by the vendor as having a CVSSv2 score of 6.8
(AV:N/AC:M/AU:N/C:P/I:P/A:P)

CVE-2014-0231: The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism,
which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that
does not read from its stdin file descriptor. This has been classified by the vendor as having a CVSSv2 score
of 5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

This bug was opened to address the potential impact on this product.

Conditions:
Running version of the software prior to the Known Fixed Releases
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.