CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 2CVE-2009-1201 – Cisco ASA Appliance 8.x - WebVPN DOM Wrapper Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1201
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694. Vulnerabilidad de inyección "Eval" en la función csco_wrap_js en /+CSCOL+/cte.js en WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1, permite a atacantes remotos eludir un envoltorio (wrapper) DOM y realizar ataques de secuencias de comandos en sitios cruzados (XSS) configurando el valor CSCO_WebVPN['process'] con el nombre de la función modificada, alias Bug ID CSCsy80694. The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities. • https://www.exploit-db.com/exploits/33055 http://secunia.com/advisories/35511 http://www.securityfocus.com/archive/1/504516/100/0/threaded http://www.securityfocus.com/bid/35476 http://www.securitytracker.com/id?1022457 http://www.vupen.com/english/advisories/2009/1713 https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2009-1202 – Cisco ASA Web VPN Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1202
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705. WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1 permite a atacantes remotos eludir ciertos mecanismos de protección que impliquen la reescritura de URL y HTML y realizar ataques de secuencias de comandos en sitios cruzados (XSS) modificando el primer carácter codificado hexadecimal en una URI /+CSCO+, alias Bug ID CSCsy80705. The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities. • http://secunia.com/advisories/35511 http://www.securityfocus.com/archive/1/504516/100/0/threaded http://www.securityfocus.com/bid/35480 http://www.securitytracker.com/id?1022457 http://www.vupen.com/english/advisories/2009/1713 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 3%CPEs: 4EXPL: 2CVE-2009-1203 – Cisco Adaptive Security Appliance 8.x - Web VPN FTP or CIFS Authentication Form Phishing
https://notcve.org/view.php?id=CVE-2009-1203
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709. WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1 no distingue de manera apropiada su propia pantalla de login de las pantallas de login que produce para servidores (1) FTP and (2) CIFS de terceros, lo que facilita a atacantes remotos engañar a un usuario enviándole credenciales WebVPN para un servidor de su elección mediante una URL asociada con este servidor, alias Bug ID CSCsy80709. The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities. • https://www.exploit-db.com/exploits/33054 http://secunia.com/advisories/35511 http://www.securityfocus.com/archive/1/504516/100/0/threaded http://www.securityfocus.com/bid/35475 http://www.securitytracker.com/id?1022457 http://www.vupen.com/english/advisories/2009/1713 •