Solved: CSCun19025 ASA WebVPN login page XSS vulnerability

Chad W · ‎09-29-2014

I have a client running 9.1(4) and needs to resolve this bug. I have looked at the release notes for 9.1(5), and others that the bug fix mentions as known fixed, and this bug fix is not mentioned as a resolved caveat. But the release notes for 9.0(4) does. Am I missing something or do you just take the bug tools word that the known fixed releases are in fact ok?

Vibhor Amrodia · ‎10-07-2014

Hi,

This Defect is actually resolved only on 9.1.5.3 and above.

You might need to open a TAC case to get this interim version.

Thanks and Regards,

Vibhor Amrodia

View solution in original post

Vibhor Amrodia · ‎10-07-2014

Hi,

This Defect is actually resolved only on 9.1.5.3 and above.

You might need to open a TAC case to get this interim version.

Thanks and Regards,

Vibhor Amrodia

flgranv · ‎11-07-2014

Hello,

I just updated our 5515x software to version 9.3(1) because this was the only available software I could find where the release notes indicated that the cross site scripting bug was fixed. We did another scan yesterday (Trustwave) and we are still getting the error message. Anybody have any ideas?

(We will open a TAC case when we get our maintenance contracts sorted out - these are new boxes.)