Acme.Serve v1.7任意文件访问漏洞

漏洞信息详情

Acme.Serve v1.7任意文件访问漏洞

• CNNVD编号：CNNVD-200110-111
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2001-0748
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2001-10-18
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-03
  
• 厂        商：
  
  acme_labs
• 漏洞来源：
  on May 31st, 2001.’);”>This was posted to…

用于Cisco Secure ACS Unix及可能其他的产品中的Acme.Serve 1.7存在漏洞。远程攻击者可以通过预先放置几个/（斜杠）字符到URI来读取任意文件。

Cisco has released version 2.3.6.1 of Secure ACS for UNIX, which resolves this issue. Customers are advised to obtain an update through their regular update channels.
Cisco Secure ACS for Unix 2.0

• Cisco Secure ACS for Unix 2.3.6.1
  
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs

Cisco Secure ACS for Unix 2.3

• Cisco Secure ACS for Unix 2.3.6.1
  
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs

Cisco Secure ACS for Unix 2.3.5 .1

• Cisco Secure ACS for Unix 2.3.6.1
  
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs

来源: BUGTRAQ
名称: 20010531 Acme.Server v1.7 of 13nov96 Directory Browsing
链接:http://www.securityfocus.com/archive/1/188141

来源: BID
名称: 2809
链接:http://www.securityfocus.com/bid/2809

来源: OSVDB
名称: 5544
链接:http://www.osvdb.org/5544

来源: XF
名称: acme-serve-directory-traversal(6634)
链接:http://www.iss.net/security_center/static/6634.php

来源: CISCO
名称: 20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
链接:http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml