[原文]Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs).
Cisco Firewall Services Module (FWSM) contains a flaw that may allow a malicious user to bypass ACE entries that will normally block these type of connections. The issue is triggered due to an error in the URL, FTP and HTTPS filtering function. It is possible that the flaw may allow ACE bypass resulting in a loss of integrity.
Upgrade to FWSM version 2.3(2) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.