Cisco Bug: CSCzv21109 - GUI appfault using web application vulnerability scanner

Last Modified

Mar 12, 2019

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

10.0.0-203 6.5.1-005 6.5.2-005 7.0.0-000 7.1.1-012 7.5.0-000 7.6.0-000 8.0.0-000 8.5.6-092 9.6.0-047 9.7.0-125

Description (partial)

Symptom:
A GUI application gets an application fault error message:
Critical: An application fault occurred: 
(''godlib/verdict_cache.py do_scan|121'', ''''<type ''exceptions.TypeError''>'''', 
''getpwnam() argument 1 must be string without null bytes, not str'', ''
[util/Aquarium.py screenLoop|407]
[util/InternalLibrary.py inverseExtend|328] 
[util/InternalLibrary.py __call__|769]
[screen/Controller.py __call__|23] 
[util/InternalLibrary.py __call__|769]
[screen/CommonController.py __call__|38] 
[util/InternalLibrary.py __call__|769]
[screen/AppController.py __call__|159] 
[util/InternalLibrary.py __call__|771]
[screen/login.py __call__|44] 
[screen/Controller.py executeAction|65] 
[screen/login.py doLoginAction|147] 
[external_auth/__init__.py get_user_entry|135] 
[external_auth/__init__.py _standard_getpwnam|57] 
[godlib/verdict_cache.py get_verdict|127] 
[godlib/verdict_cache.py do_scan|121]'')

Conditions:
Device with default configuration. 

Has mainly been observed when customers have had security scanners run against their appliance. The application fault occurs with crafted HTTP POST/GET requests.

There are no process restarts.
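
The traceback ends with getpwnam() rejecting a string that contains a null byte, reached from the login action, and the uncaught exception is what surfaces as the application fault. The sketch below is an added example, not Cisco's code or fix: it validates the login name before the lookup and maps any lookup error to an ordinary failed login. The function names and the 64-character limit are assumptions.

```python
import pwd

MAX_USERNAME_LEN = 64  # assumed limit for this example


def username_problem(raw):
    """Return a reason string if raw is unusable as a login name, else None."""
    if not isinstance(raw, str):
        return "not a string"
    if not raw or len(raw) > MAX_USERNAME_LEN:
        return "bad length"
    # NUL cannot be represented in a C string; other control characters
    # have no place in an account name either.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw):
        return "control character"
    return None


def get_user_entry(raw, lookup=pwd.getpwnam):
    """Validated lookup: returns (entry_or_None, status) and never raises
    on hostile input, so a bad username is just a failed login."""
    problem = username_problem(raw)
    if problem:
        return None, "rejected: " + problem
    try:
        return lookup(raw), "ok"
    except KeyError:
        return None, "unknown user"
    except (TypeError, ValueError):
        # Defence in depth if validation and the C layer ever disagree.
        # Python 2 raises TypeError (as in the traceback), Python 3 ValueError.
        return None, "rejected: lookup refused input"


def unguarded_error(raw):
    """Name of the exception the bare call raises, or None if it returns."""
    try:
        pwd.getpwnam(raw)
    except Exception as exc:
        return type(exc).__name__
    return None


if __name__ == "__main__":
    # Constructed inputs of the kind a web scanner sends to a login form.
    for name in ["admin\x00", "", "x" * 200, "no-such-user-example"]:
        print(repr(name[:20]), unguarded_error(name), get_user_entry(name)[1])
```
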