Orange Business Services
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.

Vulnerability announcement: CVE-2009-1201, CVE-2009-1202, CVE-2009-1203

Cisco ASA: vulnerabilities of the Web VPN

Synthesis of the vulnerability

An attacker can use three vulnerabilities in the Web VPN of Cisco ASA to execute JavaScript code or to obtain authentication credentials.
Severity: 2/4.
Creation date: 24/06/2009.

Description of the vulnerability

Three vulnerabilities were announced in the Cisco ASA Web VPN (Clientless SSL VPN).

An attacker can create an HTML page containing a function stored in the CSCO_WebVPN['process'] variable. The csco_wrap_js() JavaScript function then calls the attacker's function, and its code runs in the context of the web proxy. [severity:2/4; 18373, BID-35476, CSCsy80694, CVE-2009-1201]

The proxy changes URLs using a ROT13 encoding. However, if a script changes the first byte, the returned page is not rewritten, and the JavaScript code it contains is thus executed in the context of the proxy. [severity:2/4; 18442, BID-35480, CSCsy80705, CVE-2009-1202]

An HTML page can contain a link to an FTP or CIFS site requesting authentication. When the victim clicks on this link, a dialog box appears. However, this window is similar to the proxy authentication window, which can deceive the victim and invite him to enter his proxy login and password. [severity:2/4; 18536, BID-35475, CSCsy80709, CVE-2009-1203]

Characteristics

Title: Cisco ASA: vulnerabilities of the Web VPN.
Keywords: 18373 18442 18536 ASA CIFS CSCO_WebVPN CSCsy80694 CSCsy80705 CSCsy80709 Cisco Clientless FTP HTML JavaScript ROT13 SSL VPN Web csco_wrap_js vulnerabilities.
Identifiers: 18373, 18442, 18536, BID-35474, BID-35475, BID-35476, BID-35480, CSCsy80694, CSCsy80705, CSCsy80709, CVE-2009-1201, CVE-2009-1202, CVE-2009-1203, TWSL2009-002, VIGILANCE-VUL-8822.

Supplements

Vulnerability: CVE-2009-1201

An attacker can create an HTML page containing a function stored in the CSCO_WebVPN['process'] variable. The csco_wrap_js() JavaScript function then calls the attacker's function, and its code runs in the context of the web proxy.
Severity: 2/4.
Identifiers: 18373, BID-35476, CSCsy80694, CVE-2009-1201.
Publications and announcements
Source example: Cisco ASA Adaptive Security Appliance Clientless SSL VPN DOM Cross-Site Scripting Vulnerability

Vulnerability: CVE-2009-1202

The proxy changes URLs using a ROT13 encoding. However, if a script changes the first byte, the returned page is not rewritten, and the JavaScript code it contains is thus executed in the context of the proxy.
Severity: 2/4.
Identifiers: 18442, BID-35480, CSCsy80705, CVE-2009-1202.
Publications and announcements
Source example: Cisco ASA Adaptive Security Appliance Software Clientless SSL VPN Rot13-Encoded Cross-Site Scripting Vulnerability

Vulnerability: CVE-2009-1203

An HTML page can contain a link to an FTP or CIFS site requesting authentication. When the victim clicks on this link, a dialog box appears. However, this window is similar to the proxy authentication window, which can deceive the victim and invite him to enter his proxy login and password.
Severity: 2/4.
Identifiers: 18536, BID-35475, CSCsy80709, CVE-2009-1203.
Publications and announcements
Source example: Cisco ASA Adaptive Security Appliance Clientless SSL VPN CIFS and FTP Credential Theft Vulnerability

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services.