关键信息 漏洞标题:Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability 严重性:High CVE ID:CVE-2015-6292 CWE ID:CWE-399 CVSS:Base 7.8, Temporal 6.4 发布时间: - First Published:2015年11月4日 16:00 GMT - Last Updated: 2015年11月20日 17:48 GMT 影响产品:Cisco AsyncOS Software versions 8.0 through 8.8 for Cisco Web Security Appliance (WSA) on both virtual and hardware appliances. 漏洞描述:A vulnerability in the proxy cache functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the device runs out of system memory. The vulnerability is due to improper memory operations by the affected software. The software fails to free a memory object when it retrieves data from the proxy server cache to terminate a TCP connection. An attacker could exploit this vulnerability by opening many proxy connections through the WSA. An exploit could allow the attacker to cause the WSA to stop passing traffic when enough memory is leaked. 缓解措施: customers are advised to consult the Cisco Security Advisories and Notices archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution. 注意:如果网页上还有其他安全公告和漏洞信息,请一并提供。通过提供的链接可以进一步访问其他相关的安全公告和漏洞信息。