VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 6, 2015· Updated May 6, 2026

CVE-2015-6293

CVE-2015-6293

Description

Cisco AsyncOS on Web Security Appliance fails to free memory after file-range requests, allowing unauthenticated remote attackers to cause denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco AsyncOS on Web Security Appliance fails to free memory after file-range requests, allowing unauthenticated remote attackers to cause denial of service.

Vulnerability

A memory leak vulnerability exists in the file-range request handling of Cisco AsyncOS on Web Security Appliance (WSA) devices. The flaw is due to a failure to free memory when a file range is requested through the WSA. Affected versions include AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 [1].

Exploitation

An unauthenticated, remote attacker can exploit this vulnerability by opening multiple connections that request file ranges through the WSA. No authentication or special network position is required; the attacker only needs to send crafted HTTP range requests to the appliance [1].

Impact

Successful exploitation causes the WSA to exhaust available system memory, leading to a denial of service (DoS) condition where the appliance stops passing traffic. The impact is limited to availability; no data confidentiality or integrity is compromised [1].

Mitigation

Cisco has released software updates to address this vulnerability. Fixed versions include 8.0.8-113, 8.5.3-051, 8.7.0-171-LD, and 8.8.0-085. A workaround is also available, as noted in the advisory [1]. Administrators should upgrade to a patched release or apply the recommended workaround.

References
  1. Cisco Security Advisory: Cisco Web Security Appliance Range Request Denial of Service Vulnerability

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

11
  • Cisco Systems, Inc./Web Security Appliance10 versions
    cpe:2.3:a:cisco:web_security_appliance:8.0.0-000:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:cisco:web_security_appliance:8.0.0-000:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:web_security_appliance:8.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:web_security_appliance:8.0.5:hp1:*:*:*:*:*:*
    • cpe:2.3:a:cisco:web_security_appliance:8.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:web_security_appliance:8.0.6-078:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:web_security_appliance:8.0.7-142:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:web_security_appliance:8.0.8-mr-113:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:web_security_appliance:8.5.0.000:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:web_security_appliance:8.5.0-497:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:web_security_appliance:8.5.2-024:*:*:*:*:*:*:*
  • Cisco Systems, Inc./AsyncOS Software for Web Security Appliances (WSA)llm-fuzzy
    Range: >=8.0 <8.0.8-113, >=8.1 <8.5.3-051, >=8.5 <8.5.3-051, >=8.6 <8.7.0-171-LD, >=8.7 <8.7.0-171-LD, >=8.8 <8.8.0-085

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.