263 matches found
CVE-2010-3902
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list...
Cisco IOS Software WebVPN and SSLVPN Vulnerabilities - Cisco Systems
Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN features: - Crafted...
CVE-2008-7257
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers, as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or...
CVE-2009-4910
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418...
CRLF injection
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers, as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or...
CVE-2008-7257
Cisco ASA WebVPN (WebVPN on ASA) is affected by a CRLF injection/HTTP response splitting vulnerability tracked as CVE-2008-7257. The flaw occurs in +webvpn+/index.html for ASA 5580-series devices with software before 8.1(2). An attacker can craft a URL containing %0d%0a sequences to inject arbitr...
CVE-2009-4910
CVE-2009-4910 is an XSS vulnerability in the WebVPN portal of Cisco ASA 5580 series devices running software before 8.1(2) (Bug ID CSCsq78418). It allows remote attackers to inject arbitrary web script/HTML via unspecified vectors. Documented impact is limited to the browser-based context; no exp...
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances (cisco-sa-20100217-asa)
Binary data ciscoasamultipleflaws.nbin...
CVE-2010-0565
Cisco ASA 5500 Series is affected by CVE-2010-0565 via a WebVPN DTLS Denial of Service vulnerability. A malformed DTLS message sent to the DTLS port (default UDP 443) can cause a page fault and device reload when WebVPN and DTLS are enabled. Affected software versions include 7.2.x before 7.2(4.4...
CVE-2009-4455
The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web site...
Design/Logic Flaw
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending...
CVE-2009-1203
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending...
CVE-2009-1202
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character i...
CVE-2009-1201
Eval injection vulnerability in the cscowrapjs function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCOWebVPN'process...
Cross site scripting
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character i...
CVE-2009-1202
Cisco ASA Web VPN vulnerability CVE-2009-1202 affects ASA software 8.0(4), 8.1.2, and 8.2.1. The issue arises in the Web VPN DOM wrapper and URL rewriting: Rot13-encoded/hex-encoded URL parameters can be manipulated to bypass protections and trigger Cross-Site Scripting (XSS) in the browser. Trus...