CVE-2002-0160

The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2002-04-22 04:00

Updated : 2024-02-04 16:31


NVD link : CVE-2002-0160

Mitre link : CVE-2002-0160

CVE.ORG link : CVE-2002-0160


JSON object : View

Products Affected

cisco

  • secure_access_control_server