[NEWS] Cisco Secure ACS Web Server has a Directory Traversal Issue (Additional details)
From: support@securiteam.comDate: 04/06/02
- Previous message: support@securiteam.com: "[NT] Windows 2000 DCOM Clients May Leak Sensitive Information onto the Network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sat, 6 Apr 2002 13:21:17 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Cisco Secure ACS Web Server has a Directory Traversal Issue (Additional
details)
------------------------------------------------------------------------
SUMMARY
As we reported in our previous article:
<http://www.securiteam.com/windowsntfocus/5LP09156UW.html> Cisco Secure
ACS Web Server Found to Contain Vulnerabilities, a security vulnerability
in Cisco's Secure ACS web server allows attackers to view the content of
files that reside outside the normally bounding HTML root directory. The
following advisory is provides additional details on the issue.
DETAILS
Affected Products:
The affected product is Cisco Secure Access Control Server for Windows
releases 2.6.x and ACS 3.0.1 (build 40). A patch is available.
Cisco Secure ACS has a web server interface listening on port 2002. It is
possible for a logged in user to read files outside the web directory.
Exploit:
ADDITIONAL INFORMATION
The information has been provided by
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
====================
DISCLAIMER:
After a successful login, one could supply such a URL as:
http://
contents of the file temp.class in the folder 'temp' on the same volume
that the software is installed.
<mailto:Patrik.Karlsson@ixsecurity.com> Patrik Karlsson.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
Relevant Pages
... Get your security news from a reliable source. ... "poison" a user's browser cache with a malicious document that will later ... The attacker can exploit this vulnerability for "replacing" HTML ... to communicate with a malicious web server over HTTPS without the browser ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... complete Web Server environment written entirely on top of 4th Dimension, ... WS4D web server saves the passwords somewhere insecure. ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Beyond Security would like to welcome Tiscali World Online ... Simple Web Server is a Linux-based web server. ... 08/29/2002 Issue disclosed to iDEFENSE ...
(Securiteam)
... "Locked-down windows 2003 Web Server used only to host web sites". ... What is your logic/rationale for Media Player being a required install ... The Media Player patch was the ONLY that FAILED. ... > When talking about computer security, there are areas that have no such ...
(microsoft.public.windows.server.security)
... SECURITY PROBLEMS WITH WEB SERVERS' SESSION TRACKING MECHANISMS. ... 2001 we reported the following problem (with specifics to IIS and SITESERVER) to the Microsoft Security Response Center. ... These vulnerabilities, especially when combined with well-known cross-site scripting vulnerabilities, could cause loss of confidentiality, failure of non-repudiation and fraud. ... The browser stores and returns the "ASPSESSIONID" or "CFID/CFTOKEN" values with each subsequent request to the web server. ...
(Vuln-Dev)
