Cisco Web Security Appliance proxy Restriction Bypass Vulnerability (CVE-2016-1296)
Release date:
Updated on:
Affected Systems:
Cisco Web Security Appliance 9.5.0-235
Cisco Web Security Appliance 9.1.0-000
Cisco Web Security Appliance 8.5.3-055
Description:
CVE (CAN) ID: CVE-2016-1296
Cisco Web Security Appliance is a secure web gateway that integrates malware protection, visual application control, and policy control on a single platform.
The proxy engine of Cisco Web Security Appliance (WSA) devices running software versions 8.5.3-055, 9.1.0-000, and 9.5.0-235 has a security vulnerability. Remote attackers can exploit this vulnerability to bypass the target proxy restriction through malformed HTTP methods.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a security bulletin (cisco-sa-20160119-wsa) and patches for this vulnerability:
Cisco Web Security Appliance Security Bypass Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa