CVE-2015-6285

Cisco Email Security Appliance - Format String Vulnerability

Title source: rule

Description

Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.

References (2)

[Vendor Advisory] http://tools.cisco.com/security/center/viewAlert.x?alertId=40844

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1033531

Scores

EPSS 0.0044

EPSS Percentile 63.3%

Details

CWE

CWE-134

Status published

Products (2)

cisco/email_security_appliance 7.6.0

cisco/email_security_appliance 8.0.0

Published Sep 14, 2015

Tracked Since Feb 18, 2026