Unrated severityNVD Advisory· Published Feb 21, 2015· Updated May 6, 2026

CVE-2015-0624

Description

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

Affected products

Cisco Systems, Inc./Content Security Management Appliance
cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*
Cisco Systems, Inc./Web Security Appliance
cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*
Cisco Systems, Inc./Email Security Appliance Firmware
cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.htmlnvdExploit
tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624nvdVendor Advisory
www.securityfocus.com/bid/72702nvd
www.securitytracker.com/id/1031781nvd
www.securitytracker.com/id/1031782nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000