CVE-2014-3399 Information

Description

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs and consequently cause a denial of service (portal outage or system reload) via crafted HTTP requests aka Bug ID CSCup54208.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3399 http://tools.cisco.com/security/center/viewAlert.x?alertId=35989