Sid 1-32108

Summary:

    SERVER-WEBAPP Cisco ASA WebVPN directory traversal attempt

Impact:

    Confidentiality Impact: NONE
    Integrity Impact: PARTIAL
    Availability Impact: NONE

Detailed Information:

    The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.

Affected Systems:

    cisco adaptive security appliance software 8.2.5.46
    cisco adaptive security appliance software 8.2.2.12
    cisco adaptive security appliance software 8.4.3.8
    cisco adaptive security appliance software 8.4.5.6
    cisco adaptive security appliance software 8.4.7.3
    cisco adaptive security appliance software 8.2.5.41
    cisco adaptive security appliance software 9.0.4.20
    cisco adaptive security appliance software 8.3.2.25
    cisco adaptive security appliance software 9.1..1
    cisco adaptive security appliance software 8.4.3.9
    cisco adaptive security appliance software 8.2.5.48
    cisco adaptive security appliance software 9.1.1.4
    cisco adaptive security appliance software 8.2.2.10
    cisco adaptive security appliance software 9.1.3.2
    cisco adaptive security appliance software 8.6.1.1
    cisco adaptive security appliance software 8.6.1.2
    cisco adaptive security appliance software 9.0.3.6
    cisco adaptive security appliance software 8.6.1.14
    cisco adaptive security appliance software 8.3.2.23
    cisco adaptive security appliance software 8.2.2.16
    cisco adaptive security appliance software 8.3.1.6
    cisco adaptive security appliance software 8.2.2.17
    cisco adaptive security appliance software 8.2.5.50
    cisco adaptive security appliance software 9.0.3.8
    cisco adaptive security appliance software 8.3.1.1
    cisco adaptive security appliance software 8.6.1.12
    cisco adaptive security appliance software 8.6.1.13
    cisco adaptive security appliance software 8.6.1.10
    cisco adaptive security appliance software 8.2.5.33
    cisco adaptive security appliance software 9.1.4
    cisco adaptive security appliance software 9.1.5
    cisco adaptive security appliance software 8.6.1.5
    cisco adaptive security appliance software 9.1.2
    cisco adaptive security appliance software 9.1.3
    cisco adaptive security appliance software 9.3.1
    cisco adaptive security appliance software 8.2.4.1
    cisco adaptive security appliance software 8.3.1.4
    cisco adaptive security appliance software 8.3.1
    cisco adaptive security appliance software 8.2.4.4
    cisco adaptive security appliance software 8.3.2
    cisco adaptive security appliance software 8.4.1.3
    cisco adaptive security appliance software 8.3.2.13
    cisco adaptive security appliance software 8.2.5.40
    cisco adaptive security appliance software 9.0.4.17
    cisco adaptive security appliance software 8.4.4.5
    cisco adaptive security appliance software 8.2.5.22
    cisco adaptive security appliance software 8.4.2.8
    cisco adaptive security appliance software 9.1.2.8
    cisco adaptive security appliance software 8.4.4.3
    cisco adaptive security appliance software 8.4.1.11
    cisco adaptive security appliance software 8.4.2.1
    cisco adaptive security appliance software 8.4.4.9
    cisco adaptive security appliance software 8.2.5.26
    cisco adaptive security appliance software 8.4.6
    cisco adaptive security appliance software 8.4.7
    cisco adaptive security appliance software 9.0.4.5
    cisco adaptive security appliance software 9.0.1
    cisco adaptive security appliance software 9.0.2
    cisco adaptive security appliance software 9.0.4.7
    cisco adaptive security appliance software 8.3.2.41
    cisco adaptive security appliance software 8.2.1
    cisco adaptive security appliance software 9.0.4.1
    cisco adaptive security appliance software 8.3.2.40
    cisco adaptive security appliance software 8.2.5.13
    cisco adaptive security appliance software 8.3.2.39
    cisco adaptive security appliance software 9.0.3
    cisco adaptive security appliance software 8.2.1.1
    cisco adaptive security appliance software 8.4.7.22
    cisco adaptive security appliance software 9.0.4
    cisco adaptive security appliance software 8.3.2.4
    cisco adaptive security appliance software 8.3.2.37
    cisco adaptive security appliance software 8.2.2
    cisco adaptive security appliance software 8.2.3
    cisco adaptive security appliance software 8.4.1
    cisco adaptive security appliance software 8.2.4
    cisco adaptive security appliance software 8.4.2
    cisco adaptive security appliance software 8.2.5
    cisco adaptive security appliance software 8.4.3
    cisco adaptive security appliance software 8.6.1
    cisco adaptive security appliance software 8.4.4
    cisco adaptive security appliance software 8.4.5
    cisco adaptive security appliance software 8.4.7.15
    cisco adaptive security appliance software 9.1.5.10
    cisco adaptive security appliance software 8.3.2.34
    cisco adaptive security appliance software 8.4.4.1
    cisco adaptive security appliance software 9.0.2.10
    cisco adaptive security appliance software 8.3.2.31
    cisco adaptive security appliance software 8.3.2.33
    cisco adaptive security appliance software 8.2.0.45
    cisco adaptive security appliance software 9.1.5.15

Attack Scenarios:

    No data available

False Positives:

    None known

False Negatives:

    None known

Corrective Action:

    Upgrade to the latest non-affected version
    Apply vendor-provided patches

Contributors:

    No data available

Additional References: