CVE-2002-0160

The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.

Severity	MEDIUM
CVSS	5.0
CWE	NVD-CWE-Other
KEV
Published	24 years ago
Modified	1 month ago

Related Products

Product	Advisory	Evidence
Cisco Secure Access Control Server (ACS) for Windows 2000/ NT	cisco-sa-20020403-acs-win-web	Cisco OpenVuln
Cisco Secure Access Control Server (ACS) for Windows	cisco-sa-20020403-acs-win-web	Cisco OpenVuln