Vulnerability Details : CVE-2015-6309
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.
Vulnerability category: Denial of service
Products affected by CVE-2015-6309
- cpe:2.3:h:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:email_security_appliance_firmware:8.5.6-106:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6309
- EPSS score: 0.73% (probability of exploitation activity in the next 30 days)
- Percentile: ~71% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-6309
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:C | 8.0 | 6.9 | NIST | |
CWE ids for CVE-2015-6309
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6309
- http://tools.cisco.com/security/center/viewAlert.x?alertId=41241
  Cisco Email Security Appliance Max Files Denial of Service Vulnerability (Vendor Advisory)
- http://www.securitytracker.com/id/1033716
  Cisco Email Security Appliance File Descriptor Bug Lets Remote Authenticated Users Cause the Target System to Reload - SecurityTracker (Third Party Advisory; VDB Entry)