CVE-2008-2735

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) 5500 devices versions 8.0 before 8.0(3)15 Cisco Adaptive Security Appliance (ASA) 5500 devices versions 8.1 before 8.1(1)5

Description The issue is related to the HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices when configured as a clientless SSL VPN endpoint, which does not properly process URIs. This allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet. Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances that may result in a reload of the device or disclosure of confidential information.

Recommendations For versions 8.0 before 8.0(3)15, update to version 8.0(3)15 or later. For versions 8.1 before 8.1(1)5, update to version 8.1(1)5 or later.