CVE-2013-5537
CVSS V2 High 7.8
CVSS V3 None
Description
The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635.
Overview
- CVE ID
- CVE-2013-5537
- Assigner
- ykramarz@cisco.com
- Vulnerability Status
- Analyzed
- Published Version
- 2013-10-24T10:53:09
- Last Modified Date
- 2018-10-30T16:27:22
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:N/I:N/A:C
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- NONE
- Integrity Impact
- NONE
- Availability Impact
- COMPLETE
- Base Score
- 7.8
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 6.9
References
Reference URL | Reference Tags |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5537 | Vendor Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2013-5537 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5537 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 17:57:34 | Added to TrackCVE | |||
2022-12-01 20:27:28 | psirt@cisco.com | ykramarz@cisco.com | CVE Assigner | updated |
2022-12-01 20:27:28 | 2013-10-24T10:53Z | 2013-10-24T10:53:09 | CVE Published Date | updated |
2022-12-01 20:27:28 | 2018-10-30T16:27:22 | CVE Modified Date | updated | |
2022-12-01 20:27:28 | Analyzed | Vulnerability Status | updated |