Cisco Web Security Appliance proxy Restriction Bypass Vulnerability (CVE-2016-1296)

Cisco Web Security Appliance proxy Restriction Bypass Vulnerability (CVE-2016-1296)
Cisco Web Security Appliance proxy Restriction Bypass Vulnerability (CVE-2016-1296)

Release date:
Updated on:

Affected Systems:

Cisco Web Security Appliance 9.5.0-235
Cisco Web Security Appliance 9.1.0-000
Cisco Web Security Appliance 8.5.3-055

Description:

CVE (CAN) ID: CVE-2016-1296

Cisco Web Security Appliance is a secure Web gateway that integrates Malware Protection, visual application control, and policy control on a single platform.

Cisco Web Security Appliance (WSA) device. If the software version is 8.5.3-055, 9.1.0-000, and 9.5.0-235, the proxy engine has a Security vulnerability. Remote attackers can exploit this vulnerability to bypass the target proxy restriction through malformed HTTP methods.

<* Source: Cisco

Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa
*>

Suggestion:

Vendor patch:

Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20160119-wsa) and patches for this:
Cisco Web Security Appliance Security Bypass Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa

This article permanently updates the link address: