Cisco Enterprise Content Delivery System Manager HTTP TRACK Vulnerability

2014-08-07T20:55:45
ID CISCO-SA-20140807-CVE-2003-1567
Type cisco
Reporter Cisco
Modified 2014-08-07T20:55:39

Description

A vulnerability in the HTTP TRACK/TRACE method of the Cisco Enterprise Content Delivery System (ECDS) could allow an unauthenticated, remote attacker read access to some information stored in the affected system.

The vulnerability is due to an affected web server. An attacker could exploit this vulnerability by using TRACK to read the content of the HTTP headers that are returned in the response.

Cisco has confirmed the vulnerability in a security notice and released software updates.

A successful exploit could allow an attacker to gain read access to sensitive information stored on a targeted system. The information could allow the attacker to conduct further attacks.
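To confirm that an updated or reconfigured server no longer reflects request headers through TRACE or TRACK, an administrator can send a request carrying a random marker header and check whether it comes back in the response body. The following is an added example, not code from Cisco or from this advisory; the header name `X-Trace-Audit`, the function names and the command-line form are assumptions made for illustration.

```python
import http.client
import secrets
import sys

MARKER_HEADER = "X-Trace-Audit"  # hypothetical header name used only by this check
METHODS = ("TRACE", "TRACK")     # the two methods named in the advisory


def is_reflected(status, body, marker):
    """True when the server accepted the method (200) and echoed our marker."""
    return status == 200 and marker.encode() in body


def check_method(host, port, method, use_tls=True, timeout=5):
    """Send one request with a random marker; return (status, reflected)."""
    marker = secrets.token_hex(8)
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request(method, "/", headers={MARKER_HEADER: marker})
        resp = conn.getresponse()
        body = resp.read(65536)  # an echoed request is small; cap the read
        return resp.status, is_reflected(resp.status, body, marker)
    finally:
        conn.close()


def audit(host, port, use_tls=True):
    """Check both methods; an unreachable host is reported as (None, False)."""
    results = {}
    for method in METHODS:
        try:
            results[method] = check_method(host, port, method, use_tls)
        except (OSError, http.client.HTTPException):
            results[method] = (None, False)
    return results


def verdict(results):
    """'FAIL' if any method still reflects headers, otherwise 'PASS'."""
    return "FAIL" if any(r for _, r in results.values()) else "PASS"


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python check_trace.py <host you administer> <port>
    res = audit(sys.argv[1], int(sys.argv[2]))
    for m, (status, reflected) in res.items():
        print(f"{m}: status={status} reflected={reflected}")
    print(verdict(res))
```

A status such as 405 or 501 with no marker in the body indicates the method is rejected; a 200 that contains the marker means the server still echoes request headers.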