Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 29/12/2009 Updated: 10/10/2018

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Subscribe to Adaptive Security Appliance 5500

The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature."

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco adaptive security appliance 5500 7.0
cisco adaptive security appliance 5500 7.1
cisco adaptive security appliance 5500 7.2
cisco adaptive security appliance 5500 8.2
cisco adaptive security appliance 5500 8.0
cisco adaptive security appliance 5500 8.1

CWE-264 http://secunia.com/advisories/37710 http://tools.cisco.com/security/center/viewAlert.x?alertId=19609 http://osvdb.org/61132 http://www.securitytracker.com/id?1023368 http://www.vupen.com/english/advisories/2009/3577 http://www.securityfocus.com/archive/1/508530/100/0/threaded https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-4455

Vulnerability Summary

References

Vulmon Search

About

Products

Connect