CVE-2009-1202

2009-06-2517:30:00

CWE-79

[email protected]

web.nvd.nist.gov

webvpn

cisco

asa

xss

cross-site scripting

cisco

vulnerability

cve-2009-1202

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.1%

JSON

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.

CPENameOperatorVersion
cisco:adaptive_security_appliancecisco adaptive security applianceeq8.0\(4\)
cisco:adaptive_security_appliancecisco adaptive security applianceeq8.1.2
cisco:adaptive_security_appliancecisco adaptive security applianceeq8.2.1
cisco:adaptive_security_appliancecisco adaptive security applianceeq*

CPE	Name	Operator	Version
cisco:adaptive_security_appliance	cisco adaptive security appliance	eq	8.0\(4\)
cisco:adaptive_security_appliance	cisco adaptive security appliance	eq	8.1.2
cisco:adaptive_security_appliance	cisco adaptive security appliance	eq	8.2.1
cisco:adaptive_security_appliance	cisco adaptive security appliance	eq	*