CVE-2016-6407

Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
ciscoweb_security_appliance
5.6.0-623
ciscoweb_security_appliance
6.0.0-000
ciscoweb_security_appliance
7.1.0
ciscoweb_security_appliance
7.1.1
ciscoweb_security_appliance
7.1.2
ciscoweb_security_appliance
7.1.3
ciscoweb_security_appliance
7.1.4
ciscoweb_security_appliance
7.5.0-000
ciscoweb_security_appliance
7.5.0-825
ciscoweb_security_appliance
7.5.1-000
ciscoweb_security_appliance
7.5.2-000
ciscoweb_security_appliance
7.5.2-hp2-303
ciscoweb_security_appliance
7.7.0-000
ciscoweb_security_appliance
7.7.0-608
ciscoweb_security_appliance
7.7.1-000
ciscoweb_security_appliance
7.7.5-835
ciscoweb_security_appliance
8.0.0-000
ciscoweb_security_appliance
8.0.5
ciscoweb_security_appliance
8.0.6
ciscoweb_security_appliance
8.0.6-078
ciscoweb_security_appliance
8.0.6-119
ciscoweb_security_appliance
8.0.7
ciscoweb_security_appliance
8.0.7-142
ciscoweb_security_appliance
8.0.8-mr-113
ciscoweb_security_appliance
8.5.0-497
ciscoweb_security_appliance
8.5.0.000
ciscoweb_security_appliance
8.5.1-021
ciscoweb_security_appliance
8.5.2-024
ciscoweb_security_appliance
8.5.2-027
ciscoweb_security_appliance
8.5.3-055
ciscoweb_security_appliance
8.8.0-000
ciscoweb_security_appliance
8.8.0-085
ciscoweb_security_appliance
9.0.0-193
ciscoweb_security_appliance
9.0_base:_base
ciscoweb_security_appliance
9.1.0-000
ciscoweb_security_appliance
9.1.0-070
ciscoweb_security_appliance
9.1_base:_base
ciscoweb_security_appliance
9.5.0-235
ciscoweb_security_appliance
9.5.0-284
ciscoweb_security_appliance
9.5.0-444
ciscoweb_security_appliance
9.5_base:_base
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wsa
http://www.securityfocus.com/bid/92955
http://www.securitytracker.com/id/1036829
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wsa
http://www.securityfocus.com/bid/92955
http://www.securitytracker.com/id/1036829