Summary
Cisco ASA Software is prone to an information-disclosure vulnerability.
Impact
An attacker can leverage this issue to obtain sensitive information that may aid in further attacks.
Solution
Updates are available.
Insight
This issue is being tracked by Cisco bug ID CSCuq65542.
Detection
Try to access /CSCOSSLC/config-auth and check the response
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-3398 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apache Web Server ETag Header Information Disclosure Weakness
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities