The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520.
http://www.securityfocus.com/bid/68063
http://tools.cisco.com/security/center/viewAlert.x?alertId=34627