Cisco ASA 5500 Clientless SSL VPN: Weak URL Encoding and Dangerous Default Access Policy Vulnerability

Users of Cisco ASA 5500 Clientless SSL VPN, please be advised that a weak URL encoding and dangerous default access policy vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

CSESA-2010-8: [CSESA-2010-8] Cisco Clientless SSL VPN Weak URL encoding and dangerous default access policy
Product: Cisco ASA 5500 Clientless SSL VPN
Vulnerability: Weak URL encoding and dangerous default access policy
Cisco Clientless SSL VPN (Secure Desktop) can be misconfigured when
disabling the portal toolbar. The portal toolbar is independent of
the filtering of the actual browser requests.

This means that all URLs and plugins are allowed by default, even if
the administrator chooses to publish only a few bookmarks to the key
systems that users should have access to. This can give unintended
access to other systems behind the ASA.

The URL is transliterated to permit encoding of the user URLs. This
URL is then transmitted inside an already established TLS session.
The URL encoding is, however, easily broken and can be altered to
specify alternative URLs that may be of interest.
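
A configuration audit for the default-allow behaviour described above, as an added example that is not part of the advisory or of any vendor tooling. It assumes the ASA group-policy `webvpn` commands `url-list value` and `filter value` and `access-list ... webtype` entries, none of which the advisory names, and it runs on a constructed sample config.

```python
import re

# Constructed sample running-config; not taken from the advisory.
SAMPLE_CONFIG = """\
access-list PORTAL_ONLY webtype permit url https://intranet.example.com/*
group-policy GP_OPEN attributes
 webvpn
  url-list value Bookmarks
  url-entry disable
group-policy GP_FILTERED attributes
 webvpn
  url-list value Bookmarks
  filter value PORTAL_ONLY
group-policy GP_NONE attributes
 webvpn
  url-list value Bookmarks
  filter none
"""

def audit_clientless_policies(config):
    """Map bookmark-publishing group policies without an enforced webtype ACL to a finding."""
    webtype_acls = set(re.findall(r"^access-list (\S+) webtype ", config, re.M))
    policies, current, in_webvpn = {}, None, False
    for line in config.splitlines():
        indent = len(line) - len(line.lstrip(" "))
        words = line.split()
        header = re.match(r"group-policy (\S+) attributes", line)
        if header:
            current, in_webvpn = header.group(1), False
            policies[current] = {"bookmarks": False, "filter": None}
        elif indent == 0:
            current, in_webvpn = None, False  # left the group-policy block
        elif current and indent == 1:
            in_webvpn = words == ["webvpn"]  # only the webvpn submode is parsed
        elif current and in_webvpn and words[:2] == ["url-list", "value"]:
            policies[current]["bookmarks"] = True
        elif current and in_webvpn and words[:2] == ["filter", "value"]:
            policies[current]["filter"] = words[2] if len(words) > 2 else None
    findings = {}
    for name, policy in policies.items():
        if policy["bookmarks"] and policy["filter"] is None:
            findings[name] = "no webtype filter; bookmarks do not restrict URLs"
        elif policy["bookmarks"] and policy["filter"] not in webtype_acls:
            findings[name] = "filter ACL not defined as webtype in this config"
    return findings

if __name__ == "__main__":
    for name, finding in audit_clientless_policies(SAMPLE_CONFIG).items():
        print(name + ": " + finding)
```

On the sample, `GP_OPEN` and `GP_NONE` are reported because they publish bookmarks with no filter behind them, while `GP_FILTERED` is not.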

Read more at http://www.criticalwatch.com