CVE-2012-3088
First published: Sun Sep 16 2012(Updated: )
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AnyConnect Secure | =3.1.0 | |
| Cisco AnyConnect Secure | =3.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-3088?
CVE-2012-3088 has a moderate severity rating due to its potential impact on Cisco AnyConnect Secure Mobility Client.
How can I fix CVE-2012-3088?
To resolve CVE-2012-3088, upgrade to Cisco AnyConnect Secure Mobility Client version 3.1.00495 or later.
What versions of Cisco AnyConnect are affected by CVE-2012-3088?
CVE-2012-3088 affects Cisco AnyConnect Secure Mobility Client versions 3.1.x prior to 3.1.00495 and 3.2.x.
What type of vulnerability is CVE-2012-3088?
CVE-2012-3088 is classified as an HTTP request header manipulation vulnerability.
Who reported the issue in CVE-2012-3088?
CVE-2012-3088 was associated with Bug ID CSCua13166, indicating it was reported through Cisco's internal bug tracking system.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco anyconnect secure
- version/cisco anyconnect secure/3.1.0
- version/cisco anyconnect secure/3.2.0