The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=101786689128667&w=2 | |
http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml | Patch Vendor Advisory |
http://www.osvdb.org/5352 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2002-04-22 04:00
Updated : 2024-02-04 16:31
NVD link : CVE-2002-0160
Mitre link : CVE-2002-0160
CVE.ORG link : CVE-2002-0160
JSON object : View
Products Affected
cisco
- secure_access_control_server
CWE