Vulnerability Description
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Adaptive Security Appliance | 8.0\(4\) |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/35511
- http://www.securityfocus.com/archive/1/504516/100/0/threaded
- http://www.securityfocus.com/bid/35480
- http://www.securitytracker.com/id?1022457
- http://www.vupen.com/english/advisories/2009/1713
- http://secunia.com/advisories/35511
- http://www.securityfocus.com/archive/1/504516/100/0/threaded
- http://www.securityfocus.com/bid/35480
- http://www.securitytracker.com/id?1022457
- http://www.vupen.com/english/advisories/2009/1713
FAQ
What is CVE-2009-1202?
CVE-2009-1202 is a vulnerability with a CVSS score of 4.3 (MEDIUM). WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML re...
How severe is CVE-2009-1202?
CVE-2009-1202 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1202?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance.