CiscoCISCO-SA-20140807-CVE-2003-1567Cisco Enterprise Content Delivery System Manager HTTP TRACK Vulnerability
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.047 Low
EPSS
Percentile
92.6%
A vulnerability in the HTTP TRACK/TRACE method of the Cisco Enterprise Content Delivery System (ECDS) could allow an unauthenticated, remote attacker read access to some information stored in the affected system.
The vulnerability is due to an affected web server. An attacker could exploit this vulnerability by using TRACK to read the content of the HTTP headers that are returned in the response.
Cisco has confirmed the vulnerability in a security notice and released software updates.
A successful exploit could allow an attacker to gain read access to sensitive information stored on a targeted system. The information could allow the attacker to conduct further attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco enterprise content delivery system (ecds) | eq | any | |
| cisco enterprise content delivery system (ecds) | eq | any |
Related
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.047 Low
EPSS
Percentile
92.6%