Cisco ASA Adaptive Security Appliance Clientless SSL VPN DOM Cross-Site Scripting Vulnerability (2024)



Updated: October 8, 2015

Document ID: 1454772893331690



Medium

Advisory ID:

Cisco-SA-20090624-CVE-2009-1201

First Published:

2009 June 24 16:08 GMT

Last Updated:

2012 July 14 15:12 GMT

Version 2.0:

Final

Workarounds:

See below

CVE-2009-1201

CVSS Score:

Base 4.3, Temporal 3.6 — Cisco ASA Adaptive Security Appliance Clientless SSL VPN DOM Cross-Site Scripting Vulnerability (1)
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C


Summary

  • Cisco ASA Adaptive Security Appliance Software versions prior to 8.0.4(34), 8.1.2(25), and 8.2.1(3) that are configured to accept Clientless SSL VPN connections are affected by a cross-site scripting vulnerability. Versions 7.x are not affected.

    The vulnerability is due to insufficient restrictions on access to the JavaScript-based Document Object Model (DOM) that the SSL VPN feature of Cisco ASA uses when clients browse web pages using the VPN web portal. If an unauthenticated, remote attacker can convince a user to visit a malicious page while the user is logged in to the secure portal, the attacker could execute arbitrary script or HTML code in the security context of the affected site.

    Cisco has confirmed this vulnerability and released updated software.

    The vulnerability is due to a failure to properly protect the DOM of the Clientless SSL VPN from unauthorized modification. The vulnerability is likely to be exploited in cases in which administrators allow users to enter arbitrary URLs that will be visited using the secure web portal. Systems that allow users to visit only URLs that have been defined by administrators are less likely to be affected. When administrators define the URLs, an attacker would need to take control of a website that resides at one of these URLs, or perform some sort of URL spoofing or hijacking to perform an attack.

    Exploit code that demonstrates the cross-site scripting vulnerability is publicly available.

Affected Products

  • Cisco has released a Release Note Enclosure for Cisco bug ID CSCsy80694.

    This vulnerability was reported to Cisco by Charles Henderson and David Byrne of Trustwave's SpiderLabs.

    Vulnerable Products

    Cisco ASA Software versions prior to 8.0.4(34), 8.1.2(25), and 8.2.1(3) are affected when they are running on Cisco ASA 5505, 5510, 5520, 5540, 5550, and 5580 devices.

    Cisco ASA Software versions 7.x are not affected.

    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by this vulnerability.

Workarounds

  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to allow only trusted users to have network access.

    Administrators are advised to configure the Clientless SSL VPN web portal to restrict users to administratively defined websites.

    Administrators are advised to configure Web Access Control Lists (ACLs) to restrict users to internal or authorized resources only.

    Users are advised not to follow unsolicited links. Users should verify the authenticity of unexpected links prior to following them.

    Users are advised not to visit untrusted websites or links.

Fixed Software

  • Cisco customers with active contracts can obtain updates through the Software Center at the following link: Cisco. Cisco customers without contracts can obtain upgrades by contacting the Cisco Technical Assistance Center at 1-800-553-2447 or 1-408-526-7209 or via e-mail at tac@cisco.com.

    A special download page on the Software Center contains fixed software releases at the following link: ASA-PSIRT

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.


URL

  • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20090624-CVE-2009-1201

Revision History

  • Version | Description | Section | Status | Date
    1.0 | Initial Release | NA | Final | 2009-Jun-24


Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

    A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.


