CVE-2009-1220

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliances (ASA) versions 7.2(4)30 and earlier 7.2 versions Cisco Adaptive Security Appliances (ASA) versions 8.0(4)28 and earlier 8.0 versions

Description A cross-site scripting (XSS) issue exists when clientless mode is enabled, allowing remote attackers to inject arbitrary web script or HTML via the Host HTTP header. This could enable unauthenticated, remote attackers to conduct cross-site scripting attacks.

Recommendations For versions 7.2(4)30 and earlier 7.2 versions, update to a version later than 7.2(4)30 to resolve the issue. For versions 8.0(4)28 and earlier 8.0 versions, update to a version later than 8.0(4)28 to resolve the issue. As a temporary workaround, consider disabling clientless mode until a patch is available.