What is the severity of CVE-2011-0966?

CVE-2011-0966 is classified as a high severity vulnerability due to its directory traversal exploitation potential.

How do I fix CVE-2011-0966?

To fix CVE-2011-0966, upgrade CiscoWorks Common Services to version 3.4 or later.

What systems are affected by CVE-2011-0966?

CVE-2011-0966 affects CiscoWorks Common Services 3.3 and earlier versions including 1.0, 2.2, 3.0, and their variants.

What type of attack can exploit CVE-2011-0966?

CVE-2011-0966 can be exploited by remote attackers to read arbitrary files through directory traversal techniques.

Is there a workaround for CVE-2011-0966?

Implementing strict input validation and disabling unnecessary services can mitigate some risks associated with CVE-2011-0966.

Vulnerability/
CVE-2011-0966

medium

6.8

CWE

20/5/2011

6/8/2024

CVE-2011-0966: Path Traversal

First published: Fri May 20 2011(Updated: )

Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco CiscoWorks Common Services	=2.2
Cisco CiscoWorks Common Services	<=3.3
Cisco CiscoWorks Common Services	=3.0.6
Cisco CiscoWorks Common Services	=3.0.4
Cisco CiscoWorks Common Services	=3.2
Cisco CiscoWorks Common Services	=1.0
Cisco CiscoWorks Common Services	=3.1.1
Cisco CiscoWorks Common Services	=3.0
Cisco CiscoWorks Common Services	=3.1
Cisco CiscoWorks Common Services	=3.0.3
Cisco CiscoWorks Common Services	=3.0.5
	<=3.3
	=1.0
	=2.2
	=3.0
	=3.0.3
	=3.0.4
	=3.0.5
	=3.0.6
	=3.1
	=3.1.1
	=3.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-0966?
CVE-2011-0966 is classified as a high severity vulnerability due to its directory traversal exploitation potential.
How do I fix CVE-2011-0966?
To fix CVE-2011-0966, upgrade CiscoWorks Common Services to version 3.4 or later.
What systems are affected by CVE-2011-0966?
CVE-2011-0966 affects CiscoWorks Common Services 3.3 and earlier versions including 1.0, 2.2, 3.0, and their variants.
What type of attack can exploit CVE-2011-0966?
CVE-2011-0966 can be exploited by remote attackers to read arbitrary files through directory traversal techniques.
Is there a workaround for CVE-2011-0966?
Implementing strict input validation and disabling unnecessary services can mitigate some risks associated with CVE-2011-0966.

agent/type
agent/references
agent/severity
agent/weakness
agent/description
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/nvd-index
agent/author
vendor/cisco
canonical/cisco ciscoworks common services
version/cisco ciscoworks common services/2.2
version/cisco ciscoworks common services/3.3
version/cisco ciscoworks common services/3.0.6
version/cisco ciscoworks common services/3.0.4
version/cisco ciscoworks common services/3.2
version/cisco ciscoworks common services/1.0
version/cisco ciscoworks common services/3.1.1
version/cisco ciscoworks common services/3.0
version/cisco ciscoworks common services/3.1
version/cisco ciscoworks common services/3.0.3
version/cisco ciscoworks common services/3.0.5