35 matches found
CVE-2016-6436
Affected: Cisco Host Scan Engine (Host Scan package) in ASA Web VPN. Versions 3.0.08062 through 3.1.14018 are vulnerable to cross-site scripting (XSS) via a crafted URL in the HostScan Engine. Root cause: insufficient input validation allowing injection of arbitrary script/HTML when processing us...
Cisco Host Scan Package Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Host Scan package could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of a Cisco Adaptive Security Appliance ASA Web VPN deployment. The vulnerability is due to insufficient input validation of a user-supplied...
Vulnerability of Cisco IOS software, which allows a malicious actor to trigger a service failure
The vulnerability in the SSL VPN function known as WebVPN in Cisco IOS allows malicious actors to trigger a service failure excessive memory consumption by using specially crafted HTTP requests...
CVE-2013-5557
The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance ASA Software 9.1.2 and earlier allows remote authenticated users to cause a denial of service device crash or error-recovery event via an HTTP request that triggers a rewrite, aka Bug ID...
Cisco Adaptive Security Appliance 8.x Web VPN FTP or CIFS Authentication Form Phishing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35475/info Cisco Adaptive Security Appliance ASA is prone to a vulnerability that can aid in phishing attacks. An attacker can exploit this issue to display a fake login window that's visually similar to the device's logi...
PT-2013-4371 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances ASA devices affected versions not specified Description: A cross-site scripting XSS issue in the WebVPN portal login page allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass
Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass ============================================= INTERNET SECURITY AUDITORS ALERT 2009-013 - Original release date: December 7th, 2009 - Last revised: December 16th, 2009 - Discovered by: David Eduardo Acosta Rodriguez - Severity: 4/1...
CVE-2009-2631 Clientless SSL VPN products break web browser domain-based security models
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in...
Clientless SSL VPN products break web browser domain-based security models
Overview Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks. Description Web browsers enforce the same origin policy to prevent one...
Cisco ASA Web VPN Vulnerabilities
Trustwave's SpiderLabs Security Advisory TWSL2009-002: Cisco ASA Web VPN Multiple Vulnerabilities Published: 2009-06-24 Version: 1.0 Vendor: Cisco Systems, Inc. http://www.cisco.com Versions affected: 8.04, 8.1.2, and 8.2.1 Description: Cisco's Adaptive Security Appliance ASA provides a number of...
Cisco ASA Web VPN multiple security vulnerabilities
Crossite scripting, filtering bypass, information leak...
Trustwave's SpiderLabs Security Advisory TWSL2009-002
Trustwave's SpiderLabs Security Advisory TWSL2009-002: Cisco ASA Web VPN Multiple Vulnerabilities Published: 2009-06-24 Version: 1.0 Vendor: Cisco Systems, Inc. http://www.cisco.com Versions affected: 8.04, 8.1.2, and 8.2.1 Description: Cisco's Adaptive Security Appliance ASA provides a number of...
Cisco Adaptive Security Appliance 8.x - Web VPN FTP or CIFS Authentication Form Phishing
source: https://www.securityfocus.com/bid/35475/info Cisco Adaptive Security Appliance ASA is prone to a vulnerability that can aid in phishing attacks. An attacker can exploit this issue to display a fake login window that's visually similar to the device's login window, which may mislead users...
Cisco ASA5520 Web VPN Host Header XSS
Cisco ASA5520 Web VPN Host Header XSS - Description Cross-site scripting. - Product Cisco, ASA5520, IOS 7.2222 - PoC Modified request: POST /+webvpn+/index.html HTTP/1.1 Host: "'scriptalert'BugsNotHugs'/scriptmeta httpequiv="" content='"www.owasp.org Accept: image/gif, image/x-xbitmap,...
Cisco ASA5520 Web VPN Cross Site Scripting
Cisco ASA5520 Web VPN Host Header XSS - Description Cross-site scripting. - Product Cisco, ASA5520, IOS 7.2222 - PoC Modified request: POST /+webvpn+/index.html HTTP/1.1 Host: "'alert'BugsNotHugs' alert'BugsNotHugs'meta httpequiv="" content='"www.owasp...