| Vulnerability Name: | CVE-2002-0160 (CCN-8743) | ||||||||
| Assigned: | 2002-04-03 | ||||||||
| Published: | 2002-04-03 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Wed Apr 03 2002 - 09:58:47 CST iXsecurity.20020316.csadmin_dir.a Source: MITRE Type: CNA CVE-2002-0160 Source: BUGTRAQ Type: UNKNOWN 20020403 iXsecurity.20020316.csadmin_dir.a Source: CCN Type: CIAC Information Bulletin M-064 Cisco web interface vulnerabilities in ACS for Windows Source: CCN Type: Cisco Systems Inc. Security Advisory, 2002 April 03 16:00 (UTC +0000) Web Interface Vulnerabilities in Cisco Secure ACS for Windows Source: CISCO Type: Patch, Vendor Advisory 20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows Source: OSVDB Type: UNKNOWN 5352 Source: CCN Type: OSVDB ID: 5352 CiscoSecure ACS Arbitrary File Access Source: CCN Type: BID-4417 CiscoSecure ACS For Windows Arbitrary File Access Vulnerability Source: XF Type: UNKNOWN ciscosecure-acs-directory-traversal(8743) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||