CVE-2013-5515

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software versions 8.x through 8.2(5.43) Cisco Adaptive Security Appliance (ASA) Software versions 8.3.x through 8.3(2.38) Cisco Adaptive Security Appliance (ASA) Software versions 8.4.x through 8.4(5.6) Cisco Adaptive Security Appliance (ASA) Software versions 8.6.x through 8.6(1.11) Cisco Adaptive Security Appliance (ASA) Software versions 9.0.x through 9.0(2.5) Cisco Adaptive Security Appliance (ASA) Software versions 9.1.x through 9.1(1.6)

Description The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) via crafted HTTPS requests. This issue is identified by Bug ID CSCua22709.

Recommendations For versions 8.x through 8.2(5.43), update to version 8.2(5.44) or later. For versions 8.3.x through 8.3(2.38), update to version 8.3(2.39) or later. For versions 8.4.x through 8.4(5.6), update to version 8.4(5.7) or later. For versions 8.6.x through 8.6(1.11), update to version 8.6(1.12) or later. For versions 9.0.x through 9.0(2.5), update to version 9.0(2.6) or later. For versions 9.1.x through 9.1(1.6), update to version 9.1(1.7) or later.