Vulnerability in Cisco Email_security_appliance

CVE-2015-6309

Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.

EPSS: 0.003 (54.4th percentile) — read the EPSS interpretation.

Affected products

Cisco Email_security_appliance — versions 9.6.0-042
Cisco Email_security_appliance_firmware — versions 8.5.6-106
N/a — versions n/a

Weakness classification (CWE)

CWE-399

References

20150930 Cisco Email Security Appliance Max Files Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1033716 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)