263 matches found
CVE-2009-1202
Cisco ASA Web VPN vulnerability CVE-2009-1202 affects ASA software 8.0(4), 8.1.2, and 8.2.1. The issue arises in the Web VPN DOM wrapper and URL rewriting: Rot13-encoded/hex-encoded URL parameters can be manipulated to bypass protections and trigger Cross-Site Scripting (XSS) in the browser. Trus...
CVE-2009-1201
Cisco ASA Web VPN vulnerability CVE-2009-1201 affects ASA with Web VPN (clientless SSL VPN) on versions 8.0(4), 8.1.2, and 8.2.1. The issue lies in the csco_wrap_js function in /+CSCOL+/cte.js, which uses CSCO_WebVPN['process'] to compute html and then evals the result, allowing an attacker-contr...
CVE-2009-1201
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process...
Cisco ASA Appliance 8.x - WebVPN DOM Wrapper Cross-Site Scripting
Cisco ASA Appliance 8.x - WebVPN DOM Wrapper Cross-Site Scripting source: https://www.securityfocus.com/bid/35476/info Cisco ASA Adaptive Security Appliance is prone to a cross-site scripting vulnerability because its Web VPN fails to properly sanitize user-supplied input. An attacker may leverag...
Cisco ASA Appliance 8.x - WebVPN DOM Wrapper Cross-Site Scripting
source: https://www.securityfocus.com/bid/35476/info Cisco ASA Adaptive Security Appliance is prone to a cross-site scripting vulnerability because its Web VPN fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Preemptive Protection against Cisco ASA Appliance WebVPN Cross Site Scripting Vulnerability
Cisco ASA is vulnerable to cross-site scripting. The vulnerability is caused by improper validation of user-supplied input by the index.html page. An attacker may leverage this issue via the Host HTTP header to execute script in a victim's Web browser and steal cookie-based...
Cross site scripting
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject...
CVE-2009-1220
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject...
CVE-2009-1220
Cisco ASA WebVPN Cross-Site Scripting (CVE-2009-1220) affects WebVPN clientless mode on ASA 5520 with software 7.2(4)30 and older 7.2x and 8.0x (e.g., 8.0(4)28 and earlier). Root cause: improper input validation in index.html allows injecting script via the Host HTTP header, enabling remote XSS. ...
CVE-2009-1220
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject...
Cisco ASA Software WebVPN Cross-Site Scripting Vulnerability
Cisco ASA Software versions 8.0.428 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient input validation within the WebVPN clientless mode feature. Attackers could exploit this...
Cisco IOS multiple security vulnerabilities
Multiple DoS conditions in TCP, cTCP, Mobile IP/Mobile IPv6, WebVPN, SSLVPN implementations, SCP privilege escalation...
Cisco ASA Appliance 7.x/8.0 WebVPN - Cross-Site Scripting
Cisco ASA Appliance 7.x/8.0 WebVPN - Cross-Site Scripting source: https://www.securityfocus.com/bid/34307/info Cisco ASA is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
Cisco ASA Appliance 7.x/8.0 WebVPN - Cross-Site Scripting
source: https://www.securityfocus.com/bid/34307/info Cisco ASA is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication...
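Cisco IOS WebVPN/SSLVPN Remote Denial-of-Service Vulnerability
BUGTRAQ ID: 34239 CVE(CAN) ID: CVE-2009-0628, CVE-2009-0627 Cisco IOS is the internetwork operating system used by Cisco network devices. The Cisco SSLVPN feature is an enhanced version of the WebVPN feature that allows users anywhere on the Internet to remotely access enterprise sites. If a specially crafted HTTPS packet is received, a device configured with the SSLVPN feature may reload or hang. The TCP three-way handshake on the TCP port associated with the SSLVPN feature must be completed to exploit this vulnerability successfully, but no authentication is required. The default TCP port for SSLVPN is 443....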
Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities
Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities Advisory ID: cisco-sa-20090325-webvpn http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml Revision 1.0 For Public Release 2009 March 25 1600 UTC GMT -...
Cisco IOS Software WebVPN and SSLVPN Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets Advisory ID: cisco-sa-20070522-SSL http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml Revision 1.0 For Public Release 2007 May 22 1300 UTC GMT -...
Common software breakthrough points in penetration of large enterprise internal networks - vulnerability warning - the black bar safety net
In some enterprise-level networks, especially those of large companies in Europe and the United States, the general characteristic of the network structure is that the DMZ and the internal network are substantially isolated, domains are clearly divided, and permissions are set meticulously and strictly,...
CVE-2006-3073
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in ...