CVE-2016-6437

A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32).

Published: Oct 27, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-6437
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
cisco / wide_area_application_services	6.1.0	6.1.0.x
cisco / wide_area_application_services	6.2.1a	6.2.1a.x
cisco / wide_area_application_services	6.2.1	6.2.1.x
cisco / wide_area_application_services	5.3.5a	5.3.5a.x
cisco / wide_area_application_services	5.3.5	5.3.5.x
cisco / wide_area_application_services	5.3.5b	5.3.5b.x
cisco / wide_area_application_services	5.3.5c	5.3.5c.x
cisco / wide_area_application_services	5.3.5d	5.3.5d.x
cisco / wide_area_application_services	5.3.1	5.3.1.x
cisco / wide_area_application_services	5.3.5f	5.3.5f.x
cisco / wide_area_application_services	6.1.1	6.1.1.x
cisco / wide_area_application_services	5.3.3	5.3.3.x
cisco / wide_area_application_services	5.3.5e	5.3.5e.x

Vulnerability Database

290,206

CVE-2016-6437