Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3290

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3290
Last Modified 07 Mar 2011 09:38:17
Published 28 Jun 2006 07:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3290

Summary

HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.

Vulnerable Systems


References

CISCO - 20060628 Multiple Vulnerabilities in Wireless Control System

VUPEN - ADV-2006-2583

BID - 18701

XF - cisco-wcs-http-information-disclosure(27442)

OSVDB - 26879

SECTRACK - 1016398

SECUNIA - 20870


Last Updated: 27 May 2016 10:42:57