CVE-2015-6285

Loading...

General

Score:6.4/10.0
Severity:Medium
Category:Input Validation Error

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 14/09/15 - Updated on 04/01/17

Description

Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.

Category: Input Validation Error

CWE-134 (Format String Vulnerability)
The software uses externally-controlled format strings in printf-style functions, which can lead to buffer overflows or data representation problems.

Security Notices

US National Vulnerability DatabaseCVE-2015-6285

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
ciscoemail_security_appliance

Share this vulnerability with:

Twitter Facebook LinkedIn Mail