Cisco Email Security Appliance Denial of Service Vulnerability (CVE-2015-6309)
Cisco Email Security Appliance Denial of Service Vulnerability (CVE-2015-6309)
Release date:
Updated on:
Affected Systems:
Cisco Email Security Appliance 9.6.0-042
Cisco Email Security Appliance 8.5.6-106
Description:
CVE (CAN) ID: CVE-2015-6309
Cisco Email Security Appliance is an Email Security protection solution.
A Security vulnerability exists in the file descriptor processing of the Cisco Email Security Appliance. authenticated remote attackers can exploit this vulnerability to cause DOS. Attackers exploit this vulnerability by sending constructed HTTP requests to affected devices. This vulnerability occurs when the affected device fails to release the file descriptor.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/viewAlert.x? AlertId = 41241
*>
Suggestion:
Vendor patch:
Cisco
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html
This article permanently updates the link address: