333 matches found
Juniper Secure Access cross-site scripting
Cross-site scripting in SSLVPN...
CVE-2012-3923
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka...
CVE-2012-3924
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961...
Code injection
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka...
Design/Logic Flaw
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961...
CVE-2012-3923
Cisco IOS SSL VPN DoS (CVE-2012-3923) affects IOS 12.4 and 15.0–15.2 when DTLS is not enabled. An authenticated remote user can trigger a crash via a PPPoA session by sending crafted packets to the SSL VPN component, exploiting an outbound ACL handling issue (Bug CSCte41827). Cisco advisory confi...
CVE-2012-3924
The Cisco IOS SSL VPN DTLS implementation (15.1/15.2) contains a DoS flaw: it mishandles certain outbound ACL configurations, enabling an authenticated remote user to crash the device via a PPPoA session (Bug ID CSCty97961). Exploitation involves SSL VPN traffic terminating over PPPoA; Cisco has released...
CVE-2012-3923
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka...
CVE-2012-3924
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961...
Cisco IOS Software WebVPN and SSLVPN Vulnerabilities - Cisco Systems
Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN features: - Crafted...
CVE-2009-2871
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002...
Code injection
Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002...
CVE-2009-2871
CVE-2009-2871 applies to Cisco IOS 12.2 and 12.4, where, with SSLVPN, SSH, or IKE encrypted nonces enabled, a crafted packet can cause a remote device reload (DoS). The vulnerability is tracked as CSCsq24002; Cisco advisories and the NVD entry assign a Base CVSS v2 score of 7.8 (Netwo...
Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability
Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability. Advisory ID: cisco-sa-20090923-tls. Revision 1.0. For Public Release 2009 September 23...
Cisco IOS multiple security vulnerabilities
Multiple DoS conditions in TCP, cTCP, Mobile IP/Mobile IPv6, WebVPN, SSLVPN implementations, SCP privilege escalation...
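Cisco IOS WebVPN/SSLVPN Remote Denial of Service Vulnerability
BUGTRAQ ID: 34239 CVECAN ID: CVE-2009-0628,CVE-2009-0627 Cisco IOS is the internetwork operating system used by Cisco network devices. The Cisco SSLVPN feature is an enhanced version of the WebVPN feature that allows users anywhere on the Internet to remotely access enterprise sites. If a specially crafted HTTPS packet is received, a device configured with the SSLVPN feature may reload or hang. The TCP three-way handshake to the port associated with the SSLVPN feature must be completed for this vulnerability to be exploited successfully, but no authentication is required. The default TCP port number for SSLVPN is 443...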
CVE-2009-0628
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak...
CVE-2009-0626
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet...
Design/Logic Flaw
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet...
Design/Logic Flaw
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak...