Improper input validation in Cisco Content_security_management_appliance

CVE-2013-5537

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers t…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (60.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Content_security_management_appliance
Cisco Email_security_appliance_firmware
Cisco Web_security_appliance
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

20131022 Cisco WSA, ESA, and SMA Management GUI Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)