CVE-2015-0624

medium

Description

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

References

http://www.securitytracker.com/id/1031782

http://www.securitytracker.com/id/1031781

http://www.securityfocus.com/bid/72702

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624

Details

Source: Mitre, NVD

Published: 2015-02-21

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00149