CVE-2011-0966
CiscoWorks Common Services 3.1.1 - Auditing Directory Traversal
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
Vulnerabilidad de salto de directorio en cwhp/auditLog.do en el componente Homepage Auditing en Cisco CiscoWorks Common Services v3.3 y anteriores permite a atacantes remotos leer archivos de su elección a través de un .. (punto punto) en el parámetro de archivo, también conocido como Bug ID CSCto35577.
Cisco Unified Operations Manager suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities. Versions 8.0 and 8.5 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-02-10 CVE Reserved
- 2011-05-18 CVE Published
- 2011-05-18 First Exploit
- 2024-02-27 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://tools.cisco.com/security/center/viewAlert.x?alertId=23089 | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/67525 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/35781 | 2011-05-18 | |
https://www.exploit-db.com/exploits/17304 | 2011-05-18 | |
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html | 2024-08-06 | |
http://www.exploit-db.com/exploits/17304 | 2024-08-06 | |
http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Ciscoworks Common Services Search vendor "Cisco" for product "Ciscoworks Common Services" | <= 3.3 Search vendor "Cisco" for product "Ciscoworks Common Services" and version " <= 3.3" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ciscoworks Common Services Search vendor "Cisco" for product "Ciscoworks Common Services" | 1.0 Search vendor "Cisco" for product "Ciscoworks Common Services" and version "1.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ciscoworks Common Services Search vendor "Cisco" for product "Ciscoworks Common Services" | 2.2 Search vendor "Cisco" for product "Ciscoworks Common Services" and version "2.2" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ciscoworks Common Services Search vendor "Cisco" for product "Ciscoworks Common Services" | 3.0 Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ciscoworks Common Services Search vendor "Cisco" for product "Ciscoworks Common Services" | 3.0.3 Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.0.3" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ciscoworks Common Services Search vendor "Cisco" for product "Ciscoworks Common Services" | 3.0.4 Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.0.4" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ciscoworks Common Services Search vendor "Cisco" for product "Ciscoworks Common Services" | 3.0.5 Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.0.5" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ciscoworks Common Services Search vendor "Cisco" for product "Ciscoworks Common Services" | 3.0.6 Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.0.6" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ciscoworks Common Services Search vendor "Cisco" for product "Ciscoworks Common Services" | 3.1 Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ciscoworks Common Services Search vendor "Cisco" for product "Ciscoworks Common Services" | 3.1.1 Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.1.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ciscoworks Common Services Search vendor "Cisco" for product "Ciscoworks Common Services" | 3.2 Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.2" | - |
Affected
|