CVE-2016-1296 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2016-1296

CWE

https://cwe.mitre.org/data/definitions/254.html

The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.

Affected Software

Name	Vendor	Start Version	End Version
Web_security_appliance	Cisco	8.5.3-055 (including)	8.5.3-055 (including)
Web_security_appliance	Cisco	9.1.0-000 (including)	9.1.0-000 (including)
Web_security_appliance	Cisco	9.5.0-235 (including)	9.5.0-235 (including)

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa
http://www.securitytracker.com/id/1034763