CVE-2009-1202

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliances (ASA) versions prior to 8.0.4(34) Cisco Adaptive Security Appliances (ASA) versions prior to 8.1.2(25) Cisco Adaptive Security Appliances (ASA) versions prior to 8.2.1(3)

Description The issue allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks. This can be achieved by modifying the first hex-encoded character in a /+CSCO+ URI. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary script or HTML code in a user's browser session.

Recommendations For versions prior to 8.0.4(34), update to version 8.0.4(34) or later. For versions prior to 8.1.2(25), update to version 8.1.2(25) or later. For versions prior to 8.2.1(3), update to version 8.2.1(3) or later.