CVE-2013-5512

Cisco ASA 8.2-9.1 DoS via HTTP Deep Packet Inspection Race Condition

Title source: llm

Description

Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.5), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.4), 9.0.x before 9.0(1.4), and 9.1.x before 9.1(1.2), in certain conditions involving the spoof-server option or ActiveX or Java response inspection, allows remote attackers to cause a denial of service (device reload) via a crafted HTTP response, aka Bug ID CSCud37992.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5512

Vendor Advisory vendor-advisory x_refsource_cisco

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

Scores

EPSS 0.0139

EPSS Percentile 68.9%

Details

CWE

CWE-362

Status published

Products (33)

cisco/adaptive_security_appliance_software 8.2

cisco/adaptive_security_appliance_software 8.2\(1\)

cisco/adaptive_security_appliance_software 8.2\(2\)

cisco/adaptive_security_appliance_software 8.2\(3\)

cisco/adaptive_security_appliance_software 8.2\(3.9\)

cisco/adaptive_security_appliance_software 8.2\(4\)

cisco/adaptive_security_appliance_software 8.2\(4.1\)

cisco/adaptive_security_appliance_software 8.2\(4.4\)

cisco/adaptive_security_appliance_software 8.2\(5\)

cisco/adaptive_security_appliance_software 8.2\(5.35\)

... and 23 more

Published Oct 13, 2013

Tracked Since Feb 18, 2026