|
Cisco Clean Access Manager Obsolete JSP Files Vulnerability
|
|
Secunia Advisory:
|
SA18103
|
|
|
Release Date:
|
2005-12-22
|
|
Popularity:
|
7,300 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
DoS
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Cisco Clean Access (CCA) 3.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Alex Lanstein has reported a vulnerability in Cisco CAM (Clean Access Manager), which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to missing authentication on several obsolete JSP files (e.g. "/admin/uploadclient.jsp", "apply_firmware_action.jsp" and "file.jsp") that is present on the Secure Smart Manager. This can be exploited to upload files onto the affected system without requiring authentication, potentially to cause a DoS by filling up the disk space.
The vulnerability has been reported in 3.5.5. Other versions may also be affected.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
