The administration function in Cisco Secure Access Control Server (ACS) for Windows, versions 2.6.x and earlier and 3.x up to and including 3.01 (build 40), allows remote malicious users to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) sequence in the URL sent to port 2002.
Vulnerable Product |
---|
cisco secure access control server 2.6.2 |
cisco secure access control server 2.6.3 |
cisco secure access control server 2.6.4 |
cisco secure access control server 2.6 |
cisco secure access control server 3.0 |
cisco secure access control server 3.0.1 |