Unvalidated ScanSafe Header Handling Vulnerability in Cisco AnyConnect Secure Mobility Client

Unvalidated ScanSafe Header Handling Vulnerability in Cisco AnyConnect Secure Mobility Client

CVE-2012-3088 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.

Learn more about our Web Application Penetration Testing UK.