CVE-2009-1202
Severity Score
6.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1 permite a atacantes remotos eludir ciertos mecanismos de protección que impliquen la reescritura de URL y HTML y realizar ataques de secuencias de comandos en sitios cruzados (XSS) modificando el primer carácter codificado hexadecimal en una URI /+CSCO+, alias Bug ID CSCsy80705.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-03-31 CVE Reserved
- 2009-06-25 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/35511 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/504516/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/35480 | Vdb Entry | |
| http://www.securitytracker.com/id?1022457 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/1713 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | 8.0\(4\) Search vendor "Cisco" for product "Adaptive Security Appliance" and version "8.0\(4\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | * | - |
Affected
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | 8.1.2 Search vendor "Cisco" for product "Adaptive Security Appliance" and version "8.1.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | * | - |
Affected
|
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | 8.2.1 Search vendor "Cisco" for product "Adaptive Security Appliance" and version "8.2.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | * | - |
Affected
|