CVE-2010-4690

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635.

Date published : 2011-01-07

http://www.securityfocus.com/bid/45768

http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.pdf