WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-06-25T17:00:00
Updated: 2024-08-07T05:04:49.047Z
Reserved: 2009-03-31T00:00:00
Link: CVE-2009-1202
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-06-25T17:30:00.250
Modified: 2018-10-10T19:35:07.870
Link: CVE-2009-1202
Redhat
No data.