发布日期：2013-06-27
更新日期：2013-07-01

受影响系统：

Cisco Web Security Appliance <= 7.7.0-550
Cisco Web Security Appliance <= 7.5.0-838
Cisco Web Security Appliance <= 7.1.3-013
Cisco Email Security Appliance <= 7.6.3-019
Cisco Email Security Appliance <= 7.5.2-203
Cisco Email Security Appliance <= 7.3.2-026
Cisco Email Security Appliance <= 7.1.5-104
Cisco Content Security Management Appliance <= 7.9.1-102
Cisco Content Security Management Appliance <= 7.7.0-213
Cisco Content Security Management Appliance <= 7.2.2-110

描述：

---

CVE(CAN) ID: CVE-2013-3384

Cisco Web Security Appliance是安全的Web网关，在一个平台上集成了恶意软件防护、应用可视化控制、策略控制等。Cisco IronPort AsyncOS是电子邮件安全设备。

Cisco Web Security Appliance设备上的IronPort AsyncOS在Web框架的实现上，以及Content Security Management Appliance设备和Email Security Appliance设备存在安全漏洞，经过身份验证的远程用户通过IPv4发送的URL特制命令行，利用此漏洞可执行任意命令。

<*来源：vendor
  
  链接：http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-20130626-wsa）以及相应补丁:
cisco-sa-20130626-wsa：Multiple Vulnerabilities in Cisco Web Security Appliance
链接：http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa

浏览次数：3886
严重程度：0（网友投票）