|
-
May 28th, 2010, 08:20 AM
#1
Junior Member
Cisco ASA issue
Hi All,
We are using Cisco webvpn for remote access. While doing a security test, it was revealed:
- with webvpn enabled on any port other then the default (443) the webvpn http server responds to the url http://<webvpn_address>:<port#>/<anything.exe>
- you can change <anything.exe> to any text you wish, as long as it ends in .exe the asa sends the client a 0 byte .exe file
Has anyone came across such issue and how can it lead to security attack.
Thanks in advance.
Similar Threads
-
By Spyder32 in forum Miscellaneous Security Discussions
Replies: 1
Last Post: May 27th, 2008, 01:17 PM
-
By ThePreacher in forum Miscellaneous Security Discussions
Replies: 17
Last Post: December 14th, 2006, 09:37 PM
-
By phishphreek in forum Network Security Discussions
Replies: 0
Last Post: December 10th, 2003, 08:00 PM
-
By Ratman2 in forum Firewall & Honeypot Discussions
Replies: 0
Last Post: November 22nd, 2002, 03:17 PM
-
By NUKEM6 in forum Non-Security Archives
Replies: 1
Last Post: February 3rd, 2002, 11:28 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote