Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20140807-CVE-2003-1567
HistoryAug 07, 2014 - 8:55 p.m.

Cisco Enterprise Content Delivery System Manager HTTP TRACK Vulnerability

2014-08-0720:55:45
tools.cisco.com
38

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.007

Percentile

81.0%

JSON

A vulnerability in the HTTP TRACK/TRACE method of the Cisco Enterprise Content Delivery System (ECDS) could allow an unauthenticated, remote attacker read access to some information stored in the affected system.

The vulnerability is due to an affected web server. An attacker could exploit this vulnerability by using TRACK to read the content of the HTTP headers that are returned in the response.

Cisco has confirmed the vulnerability in a security notice and released software updates.

A successful exploit could allow an attacker to gain read access to sensitive information stored on a targeted system. The information could allow the attacker to conduct further attacks.

Affected configurations

Vulners
Node
ciscoenterprise_content_delivery_systemMatchany
OR
ciscoenterprise_content_delivery_systemMatchany
VendorProductVersionCPE
ciscoenterprise_content_delivery_systemanycpe:2.3:a:cisco:enterprise_content_delivery_system:any:*:*:*:*:*:*:*

Related

cve 1
nvd 1
cvelist 1
cert 1
openvas 2
nessus 1
f5 2
pentestpartners 1
cve
cve
CVE-2003-1567
2009-01-15 00:30:00
nvd
nvd
CVE-2003-1567
2009-01-15 00:30:00
cvelist
cvelist
CVE-2003-1567
2009-01-15 00:00:00
cert
cert
Microsoft Internet Information Server (IIS) vulnerable to cross-site scripting via HTTP TRACK method
2004-01-05 00:00:00
openvas
openvas
http TRACE XSS attack
2005-11-03 00:00:00
HTTP Debugging Methods (TRACE/TRACK) Enabled
2005-11-03 00:00:00
nessus
nessus
HTTP TRACE / TRACK Methods Allowed
2003-01-23 00:00:00
f5
f5
SOL15904 - Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
K15904 : Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
pentestpartners
pentestpartners
Vulnerabilities that aren’t. Cross Site Tracing / XST
2022-01-25 06:08:46

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.007

Percentile

81.0%

JSON
Related for CISCO-SA-20140807-CVE-2003-1567
cve1nvd1cvelist1cert1openvas2nessus1f52pentestpartners1