Sign-up

ID

VAR-201709-0120


CVE

CVE-2015-0689


TITLE

Cisco Cloud Web Security Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007902

DESCRIPTION

Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. Cisco Cloud Web Security Contains a buffer error vulnerability and a data processing vulnerability. Vendors have confirmed this vulnerability Bug ID CSCut69743 It is released as.Information may be tampered with. The connector engine is one of the connector engines. The vulnerability stems from the fact that the program does not handle HTTP methods correctly

Trust: 1.71

sources: NVD: CVE-2015-0689 // JVNDB: JVNDB-2015-007902 // VULHUB: VHN-78635

AFFECTED PRODUCTS

vendor:ciscomodel:cloud web securityscope:lteversion:3.0.1.2

Trust: 1.0

vendor:ciscomodel:cloud web securityscope:ltversion:3.0.1.7

Trust: 0.8

vendor:ciscomodel:cloud web securityscope:eqversion:3.0.1.2

Trust: 0.6

sources: JVNDB: JVNDB-2015-007902 // CNNVD: CNNVD-201709-924 // NVD: CVE-2015-0689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0689
value: HIGH

Trust: 1.0

NVD: CVE-2015-0689
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201709-924
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78635
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0689
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78635
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-0689
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-78635 // JVNDB: JVNDB-2015-007902 // CNNVD: CNNVD-201709-924 // NVD: CVE-2015-0689

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-19

Trust: 1.9

sources: VULHUB: VHN-78635 // JVNDB: JVNDB-2015-007902 // NVD: CVE-2015-0689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-924

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201709-924

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007902

PATCH
title:38221url:https://tools.cisco.com/security/center/viewAlert.x?alertId=38221
Trust: 0.8
title:Cisco Cloud Web Security connector Fixes for engine buffer error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74991
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-007902 // 
            
            
            
            CNNVD: CNNVD-201709-924

EXTERNAL IDS
db:NVDid:CVE-2015-0689
Trust: 2.5
db:JVNDBid:JVNDB-2015-007902
Trust: 0.8
db:CNNVDid:CNNVD-201709-924
Trust: 0.7
db:NSFOCUSid:37669
Trust: 0.6
db:VULHUBid:VHN-78635
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78635 // 
            
            
            
            JVNDB: JVNDB-2015-007902 // 
            
            
            
            CNNVD: CNNVD-201709-924 // 
            
            
            
            NVD: CVE-2015-0689

REFERENCES
url:https://tools.cisco.com/security/center/viewalert.x?alertid=38221
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0689
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-0689
Trust: 0.8
url:http://www.nsfocus.net/vulndb/37669
Trust: 0.6
sources:
            
            
            VULHUB: VHN-78635 // 
            
            
            
            JVNDB: JVNDB-2015-007902 // 
            
            
            
            CNNVD: CNNVD-201709-924 // 
            
            
            
            NVD: CVE-2015-0689

SOURCES
db:VULHUBid:VHN-78635
db:JVNDBid:JVNDB-2015-007902
db:CNNVDid:CNNVD-201709-924
db:NVDid:CVE-2015-0689

LAST UPDATE DATE
2025-04-20T23:04:19.502000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78635date:2017-09-22T00:00:00
db:JVNDBid:JVNDB-2015-007902date:2017-10-11T00:00:00
db:CNNVDid:CNNVD-201709-924date:2017-09-25T00:00:00
db:NVDid:CVE-2015-0689date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-78635date:2017-09-19T00:00:00
db:JVNDBid:JVNDB-2015-007902date:2017-10-11T00:00:00
db:CNNVDid:CNNVD-201709-924date:2017-09-25T00:00:00
db:NVDid:CVE-2015-0689date:2017-09-19T15:29:00.523