CVE-2002-1098

2002-10-04T04:00:00
ID CVE-2002-1098
Type cve
Reporter cve@mitre.org
Modified 2018-10-30T16:26:00

Description

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.