Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.106079 |
Kategorie: | CISCO |
Titel: | Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability |
Zusammenfassung: | A vulnerability in XML parser code of Cisco Adaptive Security Appliance;Software could allow an authenticated, remote attacker to cause system instability or a reload of the;affected system.;;The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit;this vulnerability in multiple ways by utilizing a malicious file. An attacker with administrative privileges;could exploit this by uploading a malicious XML file on the system and trigger the XML code to parse the;malicious file. Additionally, an attacker with Clienteles SSL VPN access could exploit this vulnerability;by sending a crafted XML file. An exploit would allow the attacker to crash the XML parser process, which;could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system.;;Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability;are not available. |
Beschreibung: | Summary: A vulnerability in XML parser code of Cisco Adaptive Security Appliance Software could allow an authenticated, remote attacker to cause system instability or a reload of the affected system. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways by utilizing a malicious file. An attacker with administrative privileges could exploit this by uploading a malicious XML file on the system and trigger the XML code to parse the malicious file. Additionally, an attacker with Clienteles SSL VPN access could exploit this vulnerability by sending a crafted XML file. An exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-1385 Cisco Security Advisory: 20160517 Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml http://www.securitytracker.com/id/1035976 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |