Описание
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:cisco:adaptive_security_appliance:8.0\(4\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00316
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
EPSS
Процентиль: 54%
0.00316
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79