Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco ASA设备绕过HTML重写规则漏洞
Vulnerability Description
Cisco自适应安全设备(ASA)是可提供安全和VPN服务的模块化平台。 在通过ASA的Web VPN请求网页的时候,目标资源类型(scheme)和主机名部分首先Rot13编码,然后16进制编码并放在ASA的URL中。 例如,可通过请求以下ASA路径访问http://www.trustwave.com: /+CSCO+0075676763663A2F2F6A6A6A2E67656866676A6E69722E70627A+ +/ 显然这个请求的HTML内容经过了ASA的重新格式化: <script id=
CVSS Information
N/A
Vulnerability Type
N/A