Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."
secunia.com/advisories/20816
securityreason.com/securityalert/1157
securitytracker.com/id?1016369
www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html
www.osvdb.org/26825
www.securityfocus.com/archive/1/438161/100/0/threaded
www.securityfocus.com/archive/1/438258/100/0/threaded
www.securityfocus.com/bid/18621
www.vupen.com/english/advisories/2006/2524
exchange.xforce.ibmcloud.com/vulnerabilities/27328