CVE-2010-4677

Description

emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416.

Related CPE's

ociscoadaptive_security_appliance_software********

ociscoadaptive_security_appliance_software7.0*******

ociscoadaptive_security_appliance_software7.0\(0\)*******

ociscoadaptive_security_appliance_software7.0\(2\)*******

ociscoadaptive_security_appliance_software7.0\(4\)*******

ociscoadaptive_security_appliance_software7.0\(5\)*******

ociscoadaptive_security_appliance_software7.0\(5.2\)*******

ociscoadaptive_security_appliance_software7.0\(6.7\)*******

ociscoadaptive_security_appliance_software7.0.1*******

ociscoadaptive_security_appliance_software7.0.1.4*******

References

http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf

45767

42931

1024963

asa-emweb-dos(64603)

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:N/I:N/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

PARTIAL

BaseScore

5

Created by Yello
About Severity.io