Vulnerability Details CVE-2016-6437
A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.4%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 7.1
References
- http://www.securityfocus.com/bid/93524
- http://www.securitytracker.com/id/1037002
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas
- http://www.securityfocus.com/bid/93524
- http://www.securitytracker.com/id/1037002
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas
Products affected by CVE-2016-6437
-
cpe:2.3:a:cisco:wide_area_application_services:5.3.1
-
cpe:2.3:a:cisco:wide_area_application_services:5.3.3
-
cpe:2.3:a:cisco:wide_area_application_services:5.3.5
-
cpe:2.3:a:cisco:wide_area_application_services:5.3.5a
-
cpe:2.3:a:cisco:wide_area_application_services:5.3.5b
-
cpe:2.3:a:cisco:wide_area_application_services:5.3.5c
-
cpe:2.3:a:cisco:wide_area_application_services:5.3.5d
-
cpe:2.3:a:cisco:wide_area_application_services:5.3.5e
-
cpe:2.3:a:cisco:wide_area_application_services:5.3.5f
-
cpe:2.3:a:cisco:wide_area_application_services:6.1.0
-
cpe:2.3:a:cisco:wide_area_application_services:6.1.1
-
cpe:2.3:a:cisco:wide_area_application_services:6.2.1
-
cpe:2.3:a:cisco:wide_area_application_services:6.2.1a