-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability Advisory ID: cisco-sa-20160309-csc Revision 1.0 For Public Release 2016 March 09 16:00 GMT (UTC) +--------------------------------------------------------------------- Summary ======= A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system. The vulnerability is due to improper handling of HTTPS packets transiting through the affected system. An attacker could exploit this vulnerability by sending HTTPS packets through the affected system at high rate. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJW4CazAAoJEK89gD3EAJB5o5YQAMQYMbfDew3kqQ9ntfXBuySb suvOc20TJ+/mOJ+nbxa/afXaTh3wYIdgVBoGT8ekxGm4X5KZPVfJ5clV6HFxNRNd M5C+EFXPL3396k9ec3lipGGR2a4wzLKoQY9sKjeNyY3Nq1pumTTY3iPcltMEDfaN VM5FrRJIdCCKEJvoLmdZa7vLkt9O3aqXKlJQuoHcYmYcTnUrF8Lc9KsO/A3CMDLk EnTZrtXyiagNn3uB7nMYDiIwFMEFt+MJSIDh1Fr8Hpd/eRLv8nWetLvfuhfwdGmC lREb/ozJB9pDrutxVV7DYUKEEakFdxeBBxGGwcUAIOY99RjBwvPZqw08rd3jNWI3 K7DTYptb2cOCMNMGaaUO3Ei2u4hpgL//Dv9Ug3wh87S6hThKriMvtRNL1895BxBP HkNWrRVvJmczXo9AfY6XOIej4FbQ4Is13WyH/oR4X8vkuhD7ZcGsfQFK7e1d/Kw8 ShXr7bp+XhPBtOfKs4ETISZ9zREVlrKh7MKb4TJtFIKSIQ/WKXvFALWXDBEAueO8 r+ngNmHzTzpcG2laL8t/M2dxRKL6Dl9zK5LhsqbrgLHi/9d/iAlid65ri4R+hcao UcOfLsO+ag9gpLc4eeoJOFGy7Vzfss712B/gqW8DKXFo0yhf0YWBQeDTNO6DOpeZ hckk5kAkrcFSBoJowmC1 =K437 -----END PGP SIGNATURE-----