CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2010-4679
https://notcve.org/view.php?id=CVE-2010-4679
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. Los dispositivos Cisco Adaptive Security Appliances (ASA) 5500 series con software anterior a 8.2(3) no manejan apropiadamente los fallos de conexión de OCSP ("Online Certificate Status Protocol"), lo que permite a los emisarios de respuestas OCSP provocar una denegación de servicio (consumo de todos los sockets TCP) rechazando intentos de conexión. También conocido como Bug ID CSCsz36816. • http://secunia.com/advisories/42931 http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf http://www.securityfocus.com/bid/45767 http://www.securitytracker.com/id?1024963 https://exchange.xforce.ibmcloud.com/vulnerabilities/64605 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3CVE-2010-0440 – Cisco Secure Desktop 3.x - 'translation' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0440
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en +CSCOT+/translation en Cisco Secure Desktop v3.4.2048, y otras versiones anteriores a la v3.5; tal y como lo utiliza el appliance Cisco ASA anteriores a v8.2(1), v8.1(2.7), y v8.0(5); permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través de un parámetro POST manipulado, el cual no es correctamente gestionado por una declaración eval en binary/mainv.js que escribe start.html. • https://www.exploit-db.com/exploits/33567 http://secunia.com/advisories/38397 http://tools.cisco.com/security/center/viewAlert.x?alertId=19843 http://www.coresecurity.com/content/cisco-secure-desktop-xss http://www.securityfocus.com/archive/1/509290/100/0/threaded http://www.securityfocus.com/bid/37960 http://www.vupen.com/english/advisories/2010/0273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-4786
https://notcve.org/view.php?id=CVE-2007-4786
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information. Cisco Adaptive Security Appliance (ASA) funcionando en PIX 7.0 anterior a 7.0.7.1, 7.1 anterior a 7.1.2.61, 7.2 anterior a 7.2.2.34, y 8.0 before 8.0.2.11, when AAA is enabled, escribe mensajes %ASA-5-111008 desde el comando "test aaa" con contraseñas en texto plano y envía las mismas a través de la red a un servidor de registros del sistema remoto o los coloca en un búfer local de validación, lo caul permite a atacantes dependientes del contexto obtener información sensible. • http://osvdb.org/37499 http://secunia.com/advisories/26677 http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsj72903 http://www.kb.cert.org/vuls/id/563673 http://www.kb.cert.org/vuls/id/MIMG-74ZK93 http://www.securityfocus.com/bid/25548 http://www.securitytracker.com/id?1018660 http://www.vupen.com/english/advisories/2007/3076 https://exchange.xforce.ibmcloud.com/vulnerabilities/36473 • CWE-319: Cleartext Transmission of Sensitive Information •