CVE-2002-0160

Published: Apr 22, 2002Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.

Affected (6)

Products: Cisco: Secure Access Control Server

Cisco

1 product

Secure Access Control Server

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Cisco Secure Access Control Server	Version 2.6.2
Cisco Secure Access Control Server	Version 2.6.3
Cisco Secure Access Control Server	Version 2.6.4
Cisco Secure Access Control Server	Version 2.6
Cisco Secure Access Control Server	Version 3.0.1
Cisco Secure Access Control Server	Version 3.0

References (6)

http://marc.info/?l=bugtraq&m=101786689128667&w=2

Source: cve@mitre.org

http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

Source: cve@mitre.org

PatchVendor Advisory

http://www.osvdb.org/5352

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=101786689128667&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.osvdb.org/5352

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.