Release date:
Updated on:
Affected Systems:
Cisco Web Security Appliance <= 7.7
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66565
CVE (CAN) ID: CVE-2014-2137
Cisco Web Security Appliance is a secure web gateway that integrates malware protection, visual application control, and policy control on a single platform.
The web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier versions has an injection vulnerability. A remote attacker can exploit it with a specially crafted URL to inject arbitrary HTTP headers and perform redirection attacks.
<* Source: vendor
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Currently, the vendor has not provided a patch or upgrade. We recommend that users of the software check the vendor's homepage to obtain the latest version:
http://www.cisco.com/go/psirt
http://tools.cisco.com/security/center/viewAlert.x?alertId=33608
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2137