Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.2768
Multiple vulnerabilities identified in Cisco Web Security Appliance
5 November 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Web Security Appliance
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Root Compromise -- Existing Account
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2015-6298 CVE-2015-6293 CVE-2015-6292
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa2
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa1
Comment: This bulletin contains three (3) Cisco Systems security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Web Security Appliance Range Request Denial of Service Vulnerability
Advisory ID: cisco-sa-20151104-wsa2
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the file-range request functionality of Cisco AsyncOS
for Cisco Web Security Appliance (WSA) could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an
appliance because the appliance runs out of system memory.
The vulnerability is due to a failure to free memory when a file range
is requested through the Cisco WSA. An attacker could exploit this
vulnerability by opening multiple connections that request file ranges
through the WSA. A successful exploit could allow the attacker to cause
the WSA to stop passing traffic when enough memory is used and not freed.
Cisco has released software updates that address this vulnerability.
A workaround that mitigates this vulnerability is also available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa2
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVjU+hopI1I6i1Mx3AQJRcg/+NIdwN6LOVr8XeSlK2mFK1ixg1ZbsyKeO
TCmiSNBpsGf0wHxPWY9qewUHMSkhxZaVvu7szc24EcA5bWbjuexc0scxRFLuU7Nm
LyDjmwRmKr/HVUvXg4wYnWT8y3VtijqVSTZSBnjskZGh4LO/095hZblYEas55Jzk
QfHuTH554H7IB6zYOoZdbEOCC0CNzl9AyGAuJAmrZ/udlaQs18nurJR9OSayAltM
7sTxH6SIqFyEy2/+8yqpvUEqMNocYqrEasLjbxR0o73vdlJ9wcOKtyPUpcEioRN3
7BqnYiqPurnBZt+CkBbu5ehgq+0wYdFyJfWyrzeNE9LRMD0SyJTrAu68Pvd0e6AS
0TlpCbiSdOrtLm7vl6v+pF6R3sg+Ve7I2v4w7GXjlZapdRN+vEJoObOk2KGot9kV
j3BKVy2RFwLgM+HJEvOCYNobQorb7+E72BkkBauBli8BE6pXI6mjvAxpADrYvv5r
fxL2enMX0MNtdUKxgV/t8QvAFiFxMf8bV3kfuqRUul+V/MPQF3nbubtebMQruDT+
3HhyoxwE1xV9HjEWOgrxpEwW/p4nxalF7RTbywbxllaHsMH8hhJYlyFmKL7jkRL8
VS8Oj6PX0P4MJX5TpCsMk8k0pjLYpnGsH+Jbl+CgkLA59DPeerBDhoBH45FbsCMn
80LINw5zqH8=
=TsjI
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability
Advisory ID: cisco-sa-20151104-wsa
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the certificate generation process in the admin web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system with root-level privileges.
The vulnerability is due to the improper validation of parameters passed to the affected system scripts. An attacker could exploit this vulnerability by passing arbitrary commands as arguments to the affected fields of the web interface. An exploit could allow the attacker to run arbitrary commands on the underlying system with root-level privileges.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa
- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWOibcAAoJEIpI1I6i1Mx3ANEQAJ+ba8TyxsQ3Krkk3LQG5cEv
HcM6gkBD5ZIN/mN114oCxEj09ja8I1uVQeEZ48QpJwsd2lK+6kShhk9dEf1pU+AF
O6jQSB5K70pBu0OQiR+cjx6UL4n8rjXFg43A+x96LVf3urnsE2yLO6rwelo5RedZ
/9buyqZ0tSlNlShjswtJGWDJb7fXnY8wKYdwdKrc3b/tcmpU9Ae/kCrH5p5lhmE5
QuS2lBDkp5kKR06TWO0dKjoSYXspS/HU8y/ol6Pebb6UdogYeMZCLC5JsbSKzQ3i
mwBjLjt6ZA31Q+ML3FTkyv2KgNfFMi3t7tYCu+QPuFKJ2zd29Cbh7FLP+BdYg18P
u3g5AdEZWLjBa1Crlo3NhTvH2qS4ZJ8wTMlLg3gk0W0eUnP/PRYFIOmUyP2gv4aU
nrigoC/I67jZMnpLcZ1NPHAePdOPzK3YWxbAmCG/2tW2kJfRGAXnRPK/BqhhagVv
2RirzYFK5aYo7nVzXHiSqThtHuSpDnJZeYsVJwRYgHnhCsTwQYxCrLtEU/kF/btg
F95Rm2Se3s+R39LK8G8msT4uJq8B1CCe+rnldgV8DR4S+49mZoI59uw240VIed+W
JwLwmSPR0njrI+e+DboUaOOyrwrCjzYPe4EVMpTLmkVK6JgEXno/8q0zmwjnHRKv
0MgACGiN3EjEK/Mnq/aH
=zUS3
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability
Advisory ID: cisco-sa-20151104-wsa1
Revision 1.0
For Public Release 2015 November 4 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the proxy cache functionality of Cisco AsyncOS for
Cisco Web Security Appliance (WSA) could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition because
the device runs out of system memory.
The vulnerability is due to improper memory operations by the affected
software. The software fails to free a memory object when it retrieves
data from the proxy server cache to terminate a TCP connection. An
attacker could exploit this vulnerability by opening many proxy
connections through the WSA. An exploit could allow the attacker to
cause the WSA to stop passing traffic when enough memory is leaked.
Cisco has released software updates that address this vulnerability.
A workaround that mitigates this vulnerability is also available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa1
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVjU+cYpI1I6i1Mx3AQI+ww//RagxLWcIsbnUqMk4yZ0BZmSMjcpNqgUp
CLz5cIhCX3P4/6kK0mc1ad3o6LtqFeMCc0cooj6p83+CfeatAfdg8A65HrJ8Pp8S
5JimnhoAtMkAQUrUJJ0ch/mB4TMMhAGHSNnfBoleDhzn2Cc6uvk9MMNds5ERwU0z
HHRq+kpVSzawf9LJpWpauf1RulXxH5KgsuQ7eeSqCdRGPGrH5Eg3FyA4O0DrACf4
FlgTvjz2qcXiwneQtOZ/eTD7N18YNgh3c/IqIwjWTDTJCUmEXRNfgDjZFP0aDv9f
6qhDJh2D18Fdh+EA+Y0iVUXP6r7HJrASM2qAqqJPSoawheyCZx48+gi5+QB/p7Ds
M2MR6EgblF8DQcZHByMF7k8HCCMZEZu8PIqOwLQfI4v40qTTsKP4g4+IngdaGZ7h
dFkM+93cpk+GbZIc7ATaePxnzA9l6T77eSYnfxIxHPHSZShU43W4W+mubyZyjeEz
dwUPWv9Dm9uvZjH375aBmVFzxcdttXPSHq7iatpguEeojUGOl2kFRU4FYdPLx54b
B4AMxlkwq73vhCEgoHjQ+pLMo3ep9tMjegfs0TlRwCi3lh8fBCzUojdMSJaQS8+V
8ipBwfieLRKHIDH8cV6y1FFKMmKc5tvb5yvXJnbXO+kltDhC9SpjKtqFkY7P7gV4
EpOZS1OWeE8=
=jTdT
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVjrdrX6ZAP0PgtI9AQIENA//cGJJeDiTcBEhMqwulqVEpJLHlIztVG2+
7r0Mm/QqGhdtHp4xlUwASN2of4io3B9w1/Bxk4YPzZ8Yh7rtp2FSpv7bZNLMVver
UgpllUaa6A3nS0NLCDL6zCHxIzQtDJ47TKvW7O93IcOU7EHPukAyq/E+TUKBVofO
pzYp2Wyb/OZC8FDHgXSSxlDCh/PQ//t8fa7Fn06xnK+Ghkf40rS5WQH9b5Bh72Bm
Ed++Off8vlqQ9pifPGNhfSbTq6yTV3q1RqQiyadfN+hCKLPec1mbLA92UMrZrhLS
je3EMVV5UAHOVL69JQRmEiIbMclWz0288R0PJqzaA5J/sU8o7+Lrhyg2T91Sjiau
aP1i1bYtxOzhDeCq3zNk0jdrp4V+G23fXCnvMmXg3LTW00DijurK66Vj/GXe71VF
RtcLPLeciW4vI6ZTEnTqKUGqHYEo2Ivz24BQUlSKZegCYsoqmqpR6I73V6U87gMK
TRET12yBgURUQTh7OvvofBD/KkBV3t8NmTM7CH4yT64gSdVl7XEL6Ostr5Zqa/z2
qdBWH4rlXd1BSUMOSP2YRg1ir3UVZqYLE4wR3eV5Lukhr/HqxsCs1uSAyTYVCy8V
0aNcGXgzYNgC7fRVHxa3V38xXxYFjzRwdnWmTcqaKaIbcD/mShWzzqnARu8R33v8
o3xyGRwwUOc=
=ULLu
-----END PGP SIGNATURE-----