Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSCun19025 ASA WebVPN login page XSS vulnerability

I have a client running 9.1(4) and needs to resolve this bug. I have looked at the release notes for 9.1(5), and others that the bug fix mentions as known fixed, and this bug fix is not mentioned as a resolved caveat. But the release notes for 9.0(4) does. Am I missing something or do you just take the bug tools word that the known fixed releases are in fact ok? 

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hi,This Defect is actually

Hi,

This Defect is actually resolved only on 9.1.5.3 and above.

You might need to open a TAC case to get this interim version.

Thanks and Regards,

Vibhor Amrodia

2 REPLIES
Cisco Employee

Hi,This Defect is actually

Hi,

This Defect is actually resolved only on 9.1.5.3 and above.

You might need to open a TAC case to get this interim version.

Thanks and Regards,

Vibhor Amrodia

New Member

Hello,I just updated our

Hello,

I just updated our 5515x software to version 9.3(1) because this was the only available software I could find where the release notes indicated that the cross site scripting bug was fixed.  We did another scan yesterday (Trustwave) and we are still getting the error message.  Anybody have any ideas?

(We will open a TAC case when we get our maintenance contracts sorted out - these are new boxes.)

86
Views
5
Helpful
2
Replies