Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2735

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2008-2735
Last Modified 29 Oct 2012 11:12:36
Published 04 Sep 2008 12:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2735

Summary

The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369.

Vulnerable Systems


References

SECTRACK - 1020812

CISCO - 20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

XF - cisco-asa-uri-dos(44869)

BID - 30998

CISCO - 20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

SECUNIA - 31730


Last Updated: 27 May 2016 10:49:44