CVE-2009-1220
Cisco ASA Appliance 7.x/8.0 WebVPN - Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header.
Una vulnerabilidad de tipo cross-site scripting (XSS) en archivo +webvpn+/index.html en el WebVPN en los Adaptive Security Appliances (ASA) 5520 de Cisco con el software versiones 7.2(4)30 y anteriores a 7.2 incluyendo 7.2(2)22, y versiones 8.0(4)28 y anteriores a 8.0, cuando el modo clientless está habilitado, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del encabezado HTTP Host.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-03-31 First Exploit
- 2009-04-01 CVE Reserved
- 2009-04-01 CVE Published
- 2023-07-05 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0478.html | Mailing List | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=17950 | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/502313/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/502932 | Mailing List | |
| http://www.securitytracker.com/id?1022122 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/1169 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49528 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/32878 | 2009-03-31 | |
| http://www.securityfocus.com/bid/34307 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Search vendor "Cisco" for product "Adaptive Security Appliance" | 5520 Search vendor "Cisco" for product "Adaptive Security Appliance" and version "5520" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 7.2\(2\)22 Search vendor "Cisco" for product "Ios" and version "7.2\(2\)22" | - |
Affected
| ||||||