CVE-2015-6285

Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.

Published: Sep 14, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-6285
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
cisco / email_security_appliance	7.6.0	7.6.0.x
cisco / email_security_appliance	8.0.0	8.0.0.x

http://tools.cisco.com/security/center/viewAlert.x?alertId=40844
http://www.securitytracker.com/id/1033531

Vulnerability Database

289,697

CVE-2015-6285