Vulnslist


Cisco Enterprise Content Delivery System Manager HTTP TRACK Vulnerability

Cisco-SA-20140807-CVE-2003-1567 · Medium · Published · Updated

A vulnerability in the HTTP TRACK/TRACE method of the Cisco Enterprise Content Delivery System (ECDS) could allow an unauthenticated, remote attacker to gain read access to some information stored on the affected system. The vulnerability is due to an affected web server. An attacker could exploit this vulnerability by using TRACK to read the content of the HTTP headers that are returned in the response. Cisco has confirmed the vulnerability in a security notice and released software updates. A successful exploit could allow an attacker to gain read access to sensitive information stored on a targeted system. The information could allow the attacker to conduct further attacks.

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.
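
For the monitoring advice above, an added example (not from Cisco's advisory or this page) that scans web access logs for TRACE/TRACK requests and marks those the server answered with a 2xx status. It assumes Combined Log Format, which the page does not specify for ECDS; the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumed format: Combined Log Format ('src - user [time] "METHOD target proto" status size').
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Za-z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
WATCHED = {"TRACE", "TRACK"}

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Aug/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [07/Aug/2014:10:01:09 +0000] "TRACK / HTTP/1.1" 200 187
198.51.100.7 - - [07/Aug/2014:10:01:11 +0000] "TRACE / HTTP/1.1" 405 0
203.0.113.5 - - [07/Aug/2014:10:02:30 +0000] "track /login HTTP/1.0" 200 201
192.0.2.10 - - [07/Aug/2014:10:03:00 +0000] "GET /trace/report HTTP/1.1" 200 88
this line is malformed and must be skipped
"""

def find_trace_requests(log_text):
    """Return one finding per TRACE/TRACK request found in the log text."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Match on the method token only, so a path such as /trace/report is ignored.
        if not m or m["method"].upper() not in WATCHED:
            continue
        status = int(m["status"])
        findings.append({
            "src": m["src"],
            "time": m["ts"],
            "method": m["method"].upper(),
            "target": m["target"],
            "status": status,
            # 2xx: the server honoured the method instead of refusing it.
            "served": 200 <= status < 300,
        })
    return findings

def served_by_source(findings):
    """Count honoured TRACE/TRACK requests per client address."""
    return Counter(f["src"] for f in findings if f["served"])

if __name__ == "__main__":
    for f in find_trace_requests(SAMPLE_LOG):
        flag = "SERVED" if f["served"] else "refused"
        print(f["time"], f["src"], f["method"], f["target"], f["status"], flag)
```

Requests marked served indicate a host where the method is still enabled and the update has not taken effect.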

CVEs: CVE-2003-1567
Cisco Bug IDs: CSCuo51042
CVSS Score: Base 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Product Names From Source: Cisco Enterprise Content Delivery System (ECDS)
