ID
VAR-200904-0299
CVE
CVE-2009-1220
TITLE
Cisco Adaptive Security Appliances (ASA) Run on WebVPN of +webvpn+/index.html Vulnerable to cross-site scripting
Trust: 0.8
DESCRIPTION
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header. Cisco ASA is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials. Cisco ASA software versions 8.0.4(2B) and prior running on ASA 5500 Series Adaptive Security Appliances are vulnerable
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 5520 | Trust: 2.4 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 7.2\(2\)22 | Trust: 1.6 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(3)006 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1(2.5) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(4) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0(6.7) | Trust: 0.3 |
| vendor: | cisco | model: | asa series adaptive security appliance | scope: | eq | version: | 55007.0.4 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0.1.4 | Trust: 0.3 |
| vendor: | cisco | model: | asa series adaptive security appliance | scope: | eq | version: | 55007.0.4.3 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(4)10 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(2)17 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 6.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0(6.33) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(2.15) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(1) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(3)9 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)25 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1(2)78 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(3)10 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1(2.27) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0(7)16 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2.(2.17) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2.(2.16) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(2.24) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(2.14) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(1.22) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)24 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(3)2 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(3)14 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(4)26 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2 | Trust: 0.3 |
| vendor: | cisco | model: | asa series adaptive security appliance | scope: | eq | version: | 55200 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)22 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(4)9 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(4)11 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0(5.2) | Trust: 0.3 |
| vendor: | cisco | model: | asa series adaptive security appliance | scope: | eq | version: | 55007.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2.(2.7) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2.(2.8) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)28 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2.2 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(3) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1(2)71 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1.(2.49) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)6 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(4)30 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0(8)3 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1(2)70 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1(2)82 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0(8)6 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0(8)1 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(4)2 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(4)5 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2.(2.19) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(2) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1(2)74 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0.4.3 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(4)27 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 8.0(3)15 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(2.10) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1(2.55) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1.(2.48) | Trust: 0.3 |
| vendor: | cisco | model: | asa series adaptive security appliance | scope: | eq | version: | 55007.1 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(4)16 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0.4 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0(5) | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.1 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.2(4)7 | Trust: 0.3 |
| vendor: | cisco | model: | pix/asa | scope: | eq | version: | 7.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | 17950 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=17950 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2009-1220 | Trust: 2.8 |
| db: | VUPEN | id: | ADV-2009-1169 | Trust: 2.5 |
| db: | BID | id: | 34307 | Trust: 2.0 |
| db: | SECTRACK | id: | 1022122 | Trust: 1.7 |
| db: | JVNDB | id: | JVNDB-2009-001520 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-200904-022 | Trust: 0.7 |
| db: | FULLDISC | id: | 20090331 CISCO ASA5520 WEB VPN HOST HEADER XSS | Trust: 0.6 |
| db: | BUGTRAQ | id: | 20090331 CISCO ASA5520 WEB VPN HOST HEADER XSS | Trust: 0.6 |
| db: | BUGTRAQ | id: | 20090424 RE: CISCO ASA5520 WEB VPN HOST HEADER XSS | Trust: 0.6 |
| db: | XF | id: | 5520 | Trust: 0.6 |
| db: | XF | id: | 49528 | Trust: 0.6 |
| db: | EXPLOIT-DB | id: | 32878 | Trust: 0.1 |
| db: | SEEBUG | id: | SSVID-86145 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-38666 | Trust: 0.1 |
REFERENCES
| url: | http://www.vupen.com/english/advisories/2009/1169 | Trust: 2.5 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=17950 | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/34307 | Trust: 1.7 |
| url: | http://www.securityfocus.com/archive/1/502932 | Trust: 1.7 |
| url: | http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0478.html | Trust: 1.7 |
| url: | http://www.securitytracker.com/id?1022122 | Trust: 1.7 |
| url: | http://www.securityfocus.com/archive/1/502313/100/0/threaded | Trust: 1.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/49528 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1220 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1220 | Trust: 0.8 |
| url: | /archive/1/502313 | Trust: 0.6 |
| url: | http://xforce.iss.net/xforce/xfdb/49528 | Trust: 0.6 |
| url: | http://www.securityfocus.com/archive/1/archive/1/502313/100/0/threaded | Trust: 0.6 |
| url: | cisco asa5520 web vpn host header xss | Trust: 0.3 |
| url: | /archive/1/502932 | Trust: 0.3 |
CREDITS
Bugs NotHugs
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-38666 |
| db: | BID | id: | 34307 |
| db: | JVNDB | id: | JVNDB-2009-001520 |
| db: | CNNVD | id: | CNNVD-200904-022 |
| db: | NVD | id: | CVE-2009-1220 |
LAST UPDATE DATE
2024-11-23T22:46:31.190000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-38666 | date: | 2018-10-10T00:00:00 |
| db: | BID | id: | 34307 | date: | 2009-04-24T17:06:00 |
| db: | JVNDB | id: | JVNDB-2009-001520 | date: | 2009-06-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-200904-022 | date: | 2009-05-06T00:00:00 |
| db: | NVD | id: | CVE-2009-1220 | date: | 2024-11-21T01:01:56.503 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-38666 | date: | 2009-04-01T00:00:00 |
| db: | BID | id: | 34307 | date: | 2009-03-31T00:00:00 |
| db: | JVNDB | id: | JVNDB-2009-001520 | date: | 2009-06-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-200904-022 | date: | 2009-04-01T00:00:00 |
| db: | NVD | id: | CVE-2009-1220 | date: | 2009-04-01T18:30:00.610 |