CVE-2015-0624

Cisco AsyncOS on ESA, SMA, and WSA - HTTP Header Injection

Title source: llm
STIX 2.1

Description

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031782
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72702
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031781

Scores

EPSS 0.0216
EPSS Percentile 80.0%

Details

CWE
CWE-20
Status published
Products (3)
cisco/content_security_management_appliance
cisco/email_security_appliance_firmware
cisco/web_security_appliance
Published Feb 21, 2015
Tracked Since Feb 18, 2026