Cisco Bug: CSCus79174 - non-HTTP traffic on HTTP ports is passed through without inspection
Jan 28, 2017
- Cisco Web Security Appliance
Known Affected Releases
Symptom: A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass the security restriction. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an improper HTTP method. An exploit could allow the attacker to circumvent the WSA's ability to prevent proxied network traffic. Conditions: Default installation of an affected release of the WSA.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases