{"vuid":"VU#337508","idnumber":"337508","name":"Cisco ASA clientless SSL VPN denial of service vulnerability","keywords":["Cisco","ASA","clientless SSL VPN","DoS","denial of service","webvpn","http"],"overview":"The Cisco ASA firewall's SSL VPN component contains a denial-of-service vulnerability.","clean_desc":"The Cisco Adaptive Security Appliance (ASA) is a firewall that includes routing, intrusion prevention system (IPS), and VPN components. The clientless SSL VPN allows remote users with a web browser to connect to internal web sites by tunneling an HTTPS session through the ASA. The ASA's SSL VPN component contains a denial of service vulnerability. Per Cisco Security Advisory cisco-sa-20070502-asa: A successful attack must exploit a race condition in the processing of non-standard SSL sessions and may result in a reload of the device.","impact":"A remote unauthenticated attacker may be able to create a denial-of-service condition. Note that any systems that rely on the affected device would also be affected.","resolution":"Upgrade \nCisco has released an update to address this vulnerability. 
See the Software Versions and Fixes section of Cisco Security Advisory cisco-sa-20070502-asa for more details.","workarounds":"","sysaffected":"","thanks":"Thanks to Cisco for information that was used in this report.","author":"This document was written by Ryan Giobbi.","public":["http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml","http://www.cisco.com/warp/public/110/webvpnasa.pdf","http://www.cisco.com/en/US/products/ps6120/index.html","http://www.cisco.com/en/US/netsol/ns461/networking_solutions_white_paper0900aecd80282f87.shtml","http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml#details","http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsi16248","http://en.wikipedia.org/wiki/Intrusion-prevention_system"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-05-02T18:34:27Z","publicdate":"2007-05-02T00:00:00Z","datefirstpublished":"2007-05-03T11:55:27Z","dateupdated":"2007-05-04T20:27:19Z","revision":13,"vrda_d1_directreport":"0","vrda_d1_population":"1","vrda_d1_impact":"4","cam_widelyknown":"2","cam_exploitation":"2","cam_internetinfrastructure":"7","cam_population":"2","cam_impact":"17","cam_easeofexploitation":"5","cam_attackeraccessrequired":"20","cam_scorecurrent":"0.70125","cam_scorecurrentwidelyknown":"1.84875","cam_scorecurrentwidelyknownexploited":"2.99625","ipprotocol":"tcp","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.70125,"vulnote":null}