Cisco Bug: CSCzv21109 - GUI appfault using web application vulnerability scanner

Last Modified

Mar 12, 2019

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

10.0.0-203 6.5.1-005 6.5.2-005 7.0.0-000 7.1.1-012 7.5.0-000 7.6.0-000 8.0.0-000 8.5.6-092 9.6.0-047 9.7.0-125

Description (partial)

The GUI application reports an application fault error message:
Critical: An application fault occurred: 
(''godlib/ do_scan|121'', ''''<type ''exceptions.TypeError''>'''', 
''getpwnam() argument 1 must be string without null bytes, not str'', ''
[util/ screenLoop|407]
[util/ inverseExtend|328] 
[util/ __call__|769]
[screen/ __call__|23] 
[util/ __call__|769]
[screen/ __call__|38] 
[util/ __call__|769]
[screen/ __call__|159] 
[util/ __call__|771]
[screen/ __call__|44] 
[screen/ executeAction|65] 
[screen/ doLoginAction|147] 
[external_auth/ get_user_entry|135] 
[external_auth/ _standard_getpwnam|57] 
[godlib/ get_verdict|127] 
[godlib/ do_scan|121]'')

Device with default configuration. 

Has mainly been observed when customers have had security scanners run against their appliance. The application fault occurs with crafted HTTP POST/GET requests.

There are no process restarts.
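
The trace above ends in getpwnam() raising a TypeError because its argument, reached from the login action, contained a null byte. The following is an added example, not Cisco's code: one way a login handler can reject such input before the passwd lookup, written for Python 3. The names validate_username and lookup_user and the character policy are assumptions.

```python
import pwd
import re

# Assumed policy (not from the bug report): conservative login names, 1-64 chars.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


class InvalidUsername(ValueError):
    """Raised when a submitted login name fails validation."""


def validate_username(raw):
    """Return raw unchanged if it is a safe login name, else raise InvalidUsername."""
    if not isinstance(raw, str):
        raise InvalidUsername("username must be text")
    if "\x00" in raw:
        # The condition from the trace: getpwnam() refuses embedded null bytes.
        raise InvalidUsername("username contains a null byte")
    if not _USERNAME_RE.fullmatch(raw):
        raise InvalidUsername("username has disallowed characters or length")
    return raw


def lookup_user(raw, getpwnam=pwd.getpwnam):
    """Return the passwd entry, or None for invalid or unknown names.

    Malformed input becomes an ordinary failed login instead of an
    unhandled exception in the request handler.
    """
    try:
        name = validate_username(raw)
    except InvalidUsername:
        return None
    try:
        return getpwnam(name)
    except KeyError:  # valid syntax, but no such account
        return None


if __name__ == "__main__":
    # Constructed inputs of the kind a scanner may submit in a login form.
    for sample in ["admin", "admin\x00", "\x00x", "a" * 500, ""]:
        try:
            validate_username(sample)
            verdict = "accepted"
        except InvalidUsername as exc:
            verdict = "rejected: %s" % exc
        print(repr(sample[:20]), verdict)
```
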
Bug details contain sensitive information and therefore require an account to be viewed.
