===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1255
  Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability
                                19 May 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Web Security Appliance (WSA)
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-1380 CVE-2016-1381 CVE-2016-1382
                   CVE-2016-1383

Original Bulletin:
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa2
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa3
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa4

Comment: This bulletin contains four (4) Cisco Systems security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability

Advisory ID: cisco-sa-20160518-wsa1

Revision 1.0

For Public Release 2016 May 18 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability that occurs when parsing an HTTP POST request with Cisco
AsyncOS for Cisco Web Security Appliance (WSA) could allow an
unauthenticated, remote attacker to cause a denial of service (DoS)
vulnerability due to the proxy process becoming unresponsive.

The vulnerability is due to a lack of proper input validation of the
packets that make up the HTTP POST request. An attacker could exploit this
vulnerability by sending a crafted HTTP POST request to the affected
device. An exploit could allow the attacker to cause a DoS condition due to
the proxy process becoming unresponsive and the WSA reloading.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1


Cisco Web Security Appliance Cached Range Request Denial of Service
Vulnerability

Advisory ID: cisco-sa-20160518-wsa2

Revision 1.0

For Public Release 2016 May 18 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the cached file-range request functionality of Cisco
AsyncOS for Cisco Web Security Appliance (WSA) could allow an
unauthenticated, remote attacker to cause a denial of service (DoS)
condition on an appliance due to the appliance running out of system
memory.

The vulnerability is due to a failure to free memory when a file range for
cached content is requested through the WSA. An attacker could exploit this
vulnerability by opening multiple connections that request file ranges
through the affected device. A successful exploit could allow the attacker
to cause the WSA to stop passing traffic when enough memory is used and not
freed.

Cisco has released software updates that address this vulnerability. A
workaround that mitigates this vulnerability is also available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa2


Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability

Advisory ID: cisco-sa-20160518-wsa3

Revision 1.0

For Public Release 2016 May 18 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in HTTP request parsing in Cisco AsyncOS for the Cisco Web
Security Appliance (WSA) could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition when the proxy process
unexpectedly restarts.

The vulnerability occurs because the affected software does not properly
allocate space for the HTTP header and any expected HTTP payload. An
attacker could exploit this vulnerability by sending a crafted HTTP request
to the affected device. An exploit could allow the attacker to cause a DoS
condition when the proxy process unexpectedly reloads, which can cause
traffic to be dropped.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa3


Cisco Web Security Appliance Connection Denial of Service Vulnerability

Advisory ID: cisco-sa-20160518-wsa4

Revision 1.0

For Public Release 2016 May 18 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco AsyncOS for the Cisco Web Security Appliance (WSA)
when the software handles a specific HTTP response code could allow an
unauthenticated, remote attacker to cause a denial of service (DoS)
condition on an appliance because the appliance runs out of system memory.

The vulnerability occurs because the software does not free client and
server connection memory and system file descriptors when a certain HTTP
response code is received in the HTTP request. An attacker could exploit
this vulnerability by sending a crafted HTTP request to the affected
device. An exploit could allow the attacker to cause a DoS condition
because the appliance runs out of system memory. When this happens, the
device can no longer accept new incoming connection requests.

Cisco has released software updates that address this vulnerability. A
workaround that addresses this vulnerability is also available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa4

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================