WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote malicious users to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco adaptive_security_appliance 8.2.1 |
||
cisco adaptive_security_appliance 8.1.2 |
||
cisco adaptive_security_appliance 8.0\\(4\\) |
||
cisco adaptive_security_appliance |