CVE-2008-7257

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliances (ASA) 5580 series devices with software versions prior to 8.1(2)

Description The issue allows remote attackers to inject arbitrary HTTP headers, as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI. This can also be used to conduct HTTP response splitting attacks via unspecified vectors. Additionally, it could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.

Recommendations For versions prior to 8.1(2), update to version 8.1(2) or later to resolve the issue. As a temporary workaround, consider restricting access to the /+webvpn+/index.html endpoint to minimize the risk of exploitation. Avoid using the Location header in HTTP responses from the affected device until the issue is resolved.