Vulnerability Details : CVE-2013-5537
The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-5537
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 46 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-5537
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2013-5537
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5537
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5537
Cisco WSA, ESA, and SMA Management GUI Denial of Service VulnerabilityVendor Advisory
Products affected by CVE-2013-5537
- cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*