CVE-2009-1202

2009-06-2517:30:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.

Affected configurations

Nvd

Node

ciscoadaptive_security_applianceMatch8.0\(4\)

ciscoadaptive_security_applianceMatch8.1.2

ciscoadaptive_security_applianceMatch8.2.1

AND

ciscoadaptive_security_appliance

VendorProductVersionCPE
ciscoadaptive_security_appliance8.0(4)cpe:2.3:a:cisco:adaptive_security_appliance:8.0\(4\):*:*:*:*:*:*:*
ciscoadaptive_security_appliance8.1.2cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance8.2.1cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance*cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance	8.0(4)	cpe:2.3:a:cisco:adaptive_security_appliance:8.0\(4\):::::::*
cisco	adaptive_security_appliance	8.1.2	cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:::::::*
cisco	adaptive_security_appliance	8.2.1	cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:::::::*
cisco	adaptive_security_appliance	*	cpe:2.3:h:cisco:adaptive_security_appliance::::::::