Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2002-0160
Last Modified: 05 Sep 2008 04:27:19
Published: 22 Apr 2002 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0160

Summary

The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.

Vulnerable Systems

Application

  • Cisco Secure Access Control Server 2.6

  • Cisco Secure Access Control Server 2.6.2

  • Cisco Secure Access Control Server 2.6.3

  • Cisco Secure Access Control Server 2.6.4

  • Cisco Secure Access Control Server 3.0

  • Cisco Secure Access Control Server 3.0.1


References

CISCO - 20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows

BUGTRAQ - 20020403 iXsecurity.20020316.csadmin_dir.a

OSVDB - 5352


Last Updated: 27 May 2016 10:36:48