==================================================================== CERT-Renater Note d'Information No. 2016/VULN219 _____________________________________________________________________ DATE : 19/05/2016 HARDWARE PLATFORM(S): Cisco Web Security Appliance. OPERATING SYSTEM(S): Cisco AsyncOS. ====================================================================== http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa2 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa3 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa4 ____________________________________________________________________ Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa1 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability that occurs when parsing an HTTP POST request with Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process becoming unresponsive. The vulnerability is due to a lack of proper input validation of the packets that make up the HTTP POST request. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the affected device. An exploit could allow the attacker to cause a DoS condition due to the proxy process becoming unresponsive and the WSA reloading. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa2 ____________________________________________________________________ Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa2 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the cached file-range request functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an appliance due to the appliance running out of system memory. The vulnerability is due to a failure to free memory when a file range for cached content is requested through the WSA. An attacker could exploit this vulnerability by opening multiple connections that request file ranges through the affected device. A successful exploit could allow the attacker to cause the WSA to stop passing traffic when enough memory is used and not freed. Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is also available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa2 ____________________________________________________________________ Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa3 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in HTTP request parsing in Cisco AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the proxy process unexpectedly restarts. The vulnerability occurs because the affected software does not properly allocate space for the HTTP header and any expected HTTP payload. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to cause a DoS condition when the proxy process unexpectedly reloads, which can cause traffic to be dropped. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa3 ____________________________________________________________________ Cisco Web Security Appliance Connection Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa4 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in Cisco AsyncOS for the Cisco Web Security Appliance (WSA) when the software handles a specific HTTP response code could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an appliance because the appliance runs out of system memory. The vulnerability occurs because the software does not free client and server connection memory and system file descriptors when a certain HTTP response code is received in the HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to cause a DoS condition because the appliance runs out of system memory. When this happens, the device can no longer accept new incoming connection requests. Cisco has released software updates that address this vulnerability. A workaround that addresses this vulnerability is also available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa4 ========================================================== Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================