Headline
CVE-2014-3407: Announcement Regarding Non-Cisco Product Security Alerts
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.
On 2019 September 15, Cisco stopped publishing non-Cisco product alerts � alerts with vulnerability information about third-party software (TPS). Cisco will continue to publish Security Advisories to address both Cisco proprietary and TPS vulnerabilities per the Cisco Security Vulnerability Policy. Cisco uses Release Note Enclosures to disclose the majority of TPS vulnerabilities; exceptions to this method are outlined in the Third-Party Software Vulnerabilities section of the Cisco Security Vulnerability Policy. The following links provide additional information.