
CVE-2001-0748

Published: 18/10/2001 Updated: 11/07/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote malicious users to read arbitrary files by prepending several / (slash) characters to the URI.

Vulnerable Product

acme labs acme server 1.7

Vendor Advisories

Cisco Secure Access Control Server for Unix implements the Acmeserver and is therefore vulnerable to a directory traversal vulnerability. The fix has been included in ACS Unix version 2361, which is currently available. This vulnerability is detailed in Cisco Bug ID CSCdu47965. This advisory is available at: toolsciscoco ...

Exploits

source: www.securityfocus.com/bid/2809/info

Acme.Serve is a free, open-source, embeddable webserver written in Java. It is small, is intended to provide minimal functionality, and is fully compatible with JavaServer. Acme.Serve 1.7 comes with a webserver that listens on port 9090. This webserver allows clients to browse the filesystem. By ...