Vulnerability Details : CVE-2014-3285
Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674.
Vulnerability category: Denial of service
Products affected by CVE-2014-3285
- cpe:2.3:a:cisco:wide_area_application_services:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.3\(.1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.2\(.1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.3\(.5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1e\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1c\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.3\(.3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1f\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1d\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1\(.1\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3285
1.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3285
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-3285
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3285
-
http://www.securityfocus.com/bid/67696
Cisco Wide Area Application Services CVE-2014-3285 Remote Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=34395
Cisco Wide Area Application Services Partial Denial of Service VulnerabilityVendor Advisory
-
http://secunia.com/advisories/58806
Sign inPermissions Required
-
http://www.securitytracker.com/id/1030307
Cisco Wide Area Application Services SharePoint Acceleration Flaw Lets Remote Users Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3285
Cisco Wide Area Application Services Partial Denial of Service VulnerabilityVendor Advisory
Jump to