CVE-2009-1202

medium

Description

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.

References

http://www.vupen.com/english/advisories/2009/1713

http://www.securitytracker.com/id?1022457

http://www.securityfocus.com/bid/35480

http://www.securityfocus.com/archive/1/504516/100/0/threaded

http://secunia.com/advisories/35511

Details

Source: Mitre, NVD

Published: 2009-06-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00362