Cisco patches borked web box proxy hole

Malformed HTTP methods blamed

Cisco has patched a vulnerability in its Web Security Appliance that allows unauthenticated remote attackers to bypass security controls.

The bug (CVE-2016-1296) allows attackers to use proxies when such traffic should be restricted.

Affected users of versions 8.5.3-055, 9.1.0-000, and 9.5.0-235 should apply the released fix. With all due haste, please, as no workarounds are available.

The Borg says the hole is thanks to malformed HTTP methods.

"A vulnerability in the proxy engine of the Cisco Web Security Appliance could allow an unauthenticated, remote attacker to bypass security restrictions," it says.

"The vulnerability is due to improper handling of malformed HTTP methods.

"A successful exploit could allow the attacker to circumvent [appliance] functionality that prevents proxied network traffic."

The hole is rated medium severity. ®

Biting the hand that feeds IT © 1998–2021