Description
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024963
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45768
Release Notes x_refsource_confirm
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64574
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42931
Scores
EPSS
0.0203
EPSS Percentile
78.6%
Details
CWE
CWE-287
Status
published
Products (49)
cisco/5500_series_adaptive_security_appliance
cisco/adaptive_security_appliance_software
7.0
cisco/adaptive_security_appliance_software
7.0\(0\)
cisco/adaptive_security_appliance_software
7.0\(2\)
cisco/adaptive_security_appliance_software
7.0\(4\)
cisco/adaptive_security_appliance_software
7.0\(5\)
cisco/adaptive_security_appliance_software
7.0\(5.2\)
cisco/adaptive_security_appliance_software
7.0\(6.7\)
cisco/adaptive_security_appliance_software
7.0.1
cisco/adaptive_security_appliance_software
7.0.1.4
... and 39 more
Published
Jan 07, 2011
Tracked Since
Feb 18, 2026