Check Point Advisories

Preemptive Protection against Cisco ASA Appliance WebVPN Cross Site Scripting Vulnerability

Check Point Reference: CPAI-2009-067
Date Published: 14 Apr 2009
Severity: Medium
Last Updated: Thursday 01 January, 2009
Source: Bugtraq ID: 34307
Industry Reference: CVE-2009-1220
Protection Provided by:
Who is Vulnerable? Cisco, ASA 5520
Cisco, IOS 7.2(2)22
Vulnerability Description: Cisco ASA is vulnerable to a cross-site scripting vulnerability. The vulnerability is caused by improper validation of user-supplied input by the index.html page. An attacker may leverage this issue via the Host HTTP header to execute script in a victim's Web browser and steal cookie-based authentication credentials.
Update/Patch Available: No solution available as of April 13, 2009.
Vulnerability Details: An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious HTTP request.
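
The description above attributes the issue to a Host header value that index.html reflects without validation. The following is an added example, not Check Point's or Cisco's code: a Python check that a reverse proxy or log pipeline could apply, flagging requests whose Host value is not a plain host[:port] and HTML-encoding the value before it is ever echoed into a page. The function names and the sample requests (hostnames under example.test) are constructed for illustration.

```python
import html
import re
from typing import List, Optional

# Host = uri-host [ ":" port ]. Accept only reg-names, IPv4 and bracketed IPv6.
REG_NAME = r"[A-Za-z0-9](?:[A-Za-z0-9\-\.]{0,253}[A-Za-z0-9])?"
IPV6 = r"\[[0-9A-Fa-f:\.]+\]"
HOST_RE = re.compile(rf"(?:{REG_NAME}|{IPV6})(?::\d{{1,5}})?")

def host_headers(raw_request: bytes) -> List[str]:
    """Return every Host header value in the header section of a raw request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            values.append(value.strip())
    return values

def check_request(raw_request: bytes) -> Optional[str]:
    """Return a reason to reject or alert on the request, or None if it is clean."""
    hosts = host_headers(raw_request)
    if len(hosts) != 1:
        return f"expected exactly one Host header, found {len(hosts)}"
    if not HOST_RE.fullmatch(hosts[0]):
        return f"Host value is not a valid host[:port]: {hosts[0]!r}"
    return None

def safe_echo(value: str) -> str:
    """Encode a header value for HTML output, as defense in depth after validation."""
    return html.escape(value, quote=True)

# Constructed sample requests; none of these are captured traffic.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: vpn.example.test:443\r\n\r\n",
    "markup": b'GET /index.html HTTP/1.1\r\nHost: vpn.example.test"><i>constructed\r\n\r\n',
    "duplicate": b"GET /index.html HTTP/1.1\r\nHost: vpn.example.test\r\n"
                 b"Host: other.example.test\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label:10s} {check_request(request) or 'ok'}")
```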

Protection Overview
