First published: Fri May 20 2011(Updated: )
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco CiscoWorks Common Services | =2.2 | |
Cisco CiscoWorks Common Services | <=3.3 | |
Cisco CiscoWorks Common Services | =3.0.6 | |
Cisco CiscoWorks Common Services | =3.0.4 | |
Cisco CiscoWorks Common Services | =3.2 | |
Cisco CiscoWorks Common Services | =1.0 | |
Cisco CiscoWorks Common Services | =3.1.1 | |
Cisco CiscoWorks Common Services | =3.0 | |
Cisco CiscoWorks Common Services | =3.1 | |
Cisco CiscoWorks Common Services | =3.0.3 | |
Cisco CiscoWorks Common Services | =3.0.5 | |
<=3.3 | ||
=1.0 | ||
=2.2 | ||
=3.0 | ||
=3.0.3 | ||
=3.0.4 | ||
=3.0.5 | ||
=3.0.6 | ||
=3.1 | ||
=3.1.1 | ||
=3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.