CVE-2016-1380 - Vulnerability Details

Vendors	Products
Cisco	Web Security Appliance

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1
http://www.securitytracker.com/id/1035908

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-29T16:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1035908", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035908"}, {"name": "20160518 Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1380", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1035908", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035908"}, {"name": "20160518 Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.249Z"}, "title": "CVE Program Container", "references": [{"name": "1035908", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035908"}, {"name": "20160518 Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1380", "datePublished": "2016-05-25T01:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.249Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-05-18T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-11-29T16:57:01 (string)

orgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

shortName : cisco (string)

}

references : [ »

0 : { »

name : 1035908 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1035908 (string)

}

1 : { »

name : 20160518 Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CISCO (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@cisco.com (string)

ID : CVE-2016-1380 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 1035908 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1035908 (string)

}

1 : { »

name : 20160518 Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability (string)

refsource : CISCO (string)

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T22:55:14.249Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 1035908 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1035908 (string)

}

1 : { »

name : 20160518 Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CISCO (string)

2 : x_transferred (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

assignerShortName : cisco (string)

cveId : CVE-2016-1380 (string)

datePublished : 2016-05-25T01:00:00 (string)

dateReserved : 2016-01-04T00:00:00 (string)

dateUpdated : 2024-08-05T22:55:14.249Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F24CCD0-DFAB-44D9-B29A-A6D925A83C93", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.0.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "33C867BF-2CD0-4058-9738-22C769B03D97", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "AFBF729F-2AD0-4291-AF41-184CCA230D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9D8750D2-5250-43BE-AC50-981902C0CF5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.0.6-078:*:*:*:*:*:*:*", "matchCriteriaId": "A5A171CD-A1FB-44AE-B252-9916626AEEDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.0.6-119:*:*:*:*:*:*:*", "matchCriteriaId": "D6003553-A114-42E0-B817-D176F3A6112B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "892F3569-985A-43FD-8A65-440A528A29FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.0.7-142:*:*:*:*:*:*:*", "matchCriteriaId": "7514E1C3-42DC-4738-AF6C-3004FAC5BD6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.0.8-mr-113:*:*:*:*:*:*:*", "matchCriteriaId": "C62AB23C-9F58-403D-B0E7-8ED3F5A4FE1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.5.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "7D725328-3720-4C45-BF53-295A70BFCD92", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.5.0-497:*:*:*:*:*:*:*", "matchCriteriaId": "3E9AF842-92F9-43A7-834A-0FFB3B619EDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.5.1-021:*:*:*:*:*:*:*", "matchCriteriaId": "8C75625C-3C19-4449-B992-279325170CD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.5.2-024:*:*:*:*:*:*:*", "matchCriteriaId": "4954BDC0-0A4B-4EF7-BFD2-2FF6FAE2FCA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.5.2-027:*:*:*:*:*:*:*", "matchCriteriaId": "F4F98B8B-8B27-4253-B8EF-5782F57DB654", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.5.3-055:*:*:*:*:*:*:*", "matchCriteriaId": "729E3778-4BCA-46C6-AF3D-A2C10CDDB1F1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171."}, {"lang": "es", "value": "Cisco AsyncOS 8.0 en versiones anteriores a 8.0.6-119 en dispositivos Web Security Appliance (WSA) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (colgado del proceso proxy) a trav\u00e9s de una petici\u00f3n HTTP POST manipulada, tambi\u00e9n conocida como Bug ID CSCuo12171."}], "id": "CVE-2016-1380", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-25T01:59:04.020", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1035908"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035908"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8F24CCD0-DFAB-44D9-B29A-A6D925A83C93 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.0.0-000:*:*:*:*:*:*:* (string)

matchCriteriaId : 33C867BF-2CD0-4058-9738-22C769B03D97 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : AFBF729F-2AD0-4291-AF41-184CCA230D28 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.0.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 9D8750D2-5250-43BE-AC50-981902C0CF5C (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.0.6-078:*:*:*:*:*:*:* (string)

matchCriteriaId : A5A171CD-A1FB-44AE-B252-9916626AEEDD (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.0.6-119:*:*:*:*:*:*:* (string)

matchCriteriaId : D6003553-A114-42E0-B817-D176F3A6112B (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.0.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 892F3569-985A-43FD-8A65-440A528A29FD (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.0.7-142:*:*:*:*:*:*:* (string)

matchCriteriaId : 7514E1C3-42DC-4738-AF6C-3004FAC5BD6C (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.0.8-mr-113:*:*:*:*:*:*:* (string)

matchCriteriaId : C62AB23C-9F58-403D-B0E7-8ED3F5A4FE1B (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.5.0-000:*:*:*:*:*:*:* (string)

matchCriteriaId : 7D725328-3720-4C45-BF53-295A70BFCD92 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.5.0-497:*:*:*:*:*:*:* (string)

matchCriteriaId : 3E9AF842-92F9-43A7-834A-0FFB3B619EDA (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.5.1-021:*:*:*:*:*:*:* (string)

matchCriteriaId : 8C75625C-3C19-4449-B992-279325170CD2 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.5.2-024:*:*:*:*:*:*:* (string)

matchCriteriaId : 4954BDC0-0A4B-4EF7-BFD2-2FF6FAE2FCA4 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.5.2-027:*:*:*:*:*:*:* (string)

matchCriteriaId : F4F98B8B-8B27-4253-B8EF-5782F57DB654 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.5.3-055:*:*:*:*:*:*:* (string)

matchCriteriaId : 729E3778-4BCA-46C6-AF3D-A2C10CDDB1F1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171. (string)

}

1 : { »

lang : es (string)

value : Cisco AsyncOS 8.0 en versiones anteriores a 8.0.6-119 en dispositivos Web Security Appliance (WSA) permite a atacantes remotos provocar una denegación de servicio (colgado del proceso proxy) a través de una petición HTTP POST manipulada, también conocida como Bug ID CSCuo12171. (string)

}

]

id : CVE-2016-1380 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 7.8 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-05-25T01:59:04.020 (string)

references : [ »

0 : { »

source : psirt@cisco.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1 (string)

}

1 : { »

source : psirt@cisco.com (string)

url : http://www.securitytracker.com/id/1035908 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1035908 (string)

}

]

sourceIdentifier : psirt@cisco.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object