CVE-2015-0624 Information

Description

The web framework in Cisco AsyncOS on Email Security Appliance (ESA) Content Security Management Appliance (SMA) and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header aka Bug IDs CSCur44412 CSCur44415 CSCur89630 CSCur89636 CSCur89633 and CSCur89639.

Reference

http://packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.html http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624 http://www.securityfocus.com/bid/72702 http://www.securitytracker.com/id/1031781 http://www.securitytracker.com/id/1031782