Unrated severityNVD Advisory· Published Oct 24, 2013· Updated Apr 29, 2026

CVE-2013-5537

Description

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635.

Affected products

Cisco Systems, Inc./Web Security Appliance
cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*
Cisco Systems, Inc./Content Security Management Appliance
cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*
Cisco Systems, Inc./Email Security Appliance Firmware
cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5537nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000