CVE-2006-0515

Cisco PIX/ASA <7.1(2) & 7.0(<5), PIX 6.3(<5.112), FWSM 2.3(<4) & 3....

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0515. PoCs published by George D. Gal.

AI-analyzed exploit summary This Java-based proxy tool exploits CVE-2006-0515 by bypassing Cisco content-filtering mechanisms. It manipulates HTTP headers to evade detection and forwards traffic to restricted websites.

Description

Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.

Exploits (1)

exploitdb WORKING POC VERIFIED

by George D. Gal · javaremotehardware

https://www.exploit-db.com/exploits/27830

View Code ZIP pw:eip

This Java-based proxy tool exploits CVE-2006-0515 by bypassing Cisco content-filtering mechanisms. It manipulates HTTP headers to evade detection and forwards traffic to restricted websites.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Cisco products with content-filtering (e.g., Websense)

No auth needed

Prerequisites: Network access to the proxy server · Java runtime environment

MITRE ATT&CK

T1083 - File and Directory Discovery T1090 - Proxy

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11

Core References

Patch, Vendor Advisory x_refsource_misc

http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/17883

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/26308

Mailing List mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/25453

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20044

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/1738

Vendor Advisory vendor-advisory x_refsource_cisco

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016040

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016039

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/433270/100/0/threaded

Scores

EPSS 0.0882

EPSS Percentile 94.5%

Details

Status published

Products (50)

cisco/adaptive_security_appliance_software 7.0

cisco/adaptive_security_appliance_software 7.0\(4\)

cisco/adaptive_security_appliance_software 7.0.1.4

cisco/adaptive_security_appliance_software 7.0.4.3

cisco/firewall_services_module 2.3

cisco/firewall_services_module 3.1

cisco/pix_firewall 6.2.2.111

cisco/pix_firewall 6.2.3_\(110\)

cisco/pix_firewall 6.3.3_\(133\)

cisco/pix_firewall_software 2.7

... and 40 more

Published May 09, 2006

Tracked Since Feb 18, 2026