68 matches found
Cisco Application Control Engine Login Administrator IP Address Overlap (cisco-sa-20120620-ace)
The Cisco Application Control Engine ACE software installed on the remote Cisco IOS device is earlier than A42.3 / A51.1. It, therefore, potentially does not properly share a management IP address among multiple contexts when multicontext mode is enabled. This might allow an administrative user t...
Cisco Application Control Engine (ACE) Version
Cisco Application Control Engine ACE software is installed on the remote Cisco IOS or ACE device. It is a load-balancing and application-delivery solution for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers, and it is also available as an appliance. TRUSTED...
Cisco Application Control Engine privilege escalation
Context administrator can access wrong context...
Cisco Security Advisory: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability
Cisco Application Control Engine Administrator IP Address Overlap Vulnerability Advisory ID: cisco-sa-20120620-ace Revision 1.0 For Public Release 2012 June 20 16:00 UTC GMT...
CVE-2010-2825
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine ACE Module with software A21.x before A21.6, A22.x before A22.3, and A23.x before A23.1 for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine ACE 4710...
Design/Logic Flaw
Unspecified vulnerability on the Cisco Application Control Engine ACE Module with software A21.x before A21.6, A22.x before A22.3, and A23.x before A23.1 for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service device reload via a sequence of...
Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
CVE-2010-2629
The Cisco Content Services Switch CSS 11500 with software 8.20.4.02 and the Application Control Engine ACE 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...
CVE-2010-1576
The Cisco Content Services Switch CSS 11500 with software before 8.20.4.02 and the Application Control Engine ACE 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...
Cisco Application Control Engine (ACE) - HTTP Parsing Security
Cisco Application Control Engine ACE - HTTP Parsing Security source: https://www.securityfocus.com/bid/40002/info Cisco Application Control Engine ACE is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries. Attackers can exploit this issue to avoid having...
Cisco Application Control Engine (ACE) - HTTP Parsing Security
source: https://www.securityfocus.com/bid/40002/info Cisco Application Control Engine ACE is prone to a security weakness that may allow attackers to obfuscate HTTP server log entries. Attackers can exploit this issue to avoid having client IP addresses logged by servers. GET / HTTP / 1 . 1 HOST:...
CVE-2009-0623
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A21.3 and Cisco ACE 4710 Application Control Engine Appliance before A32.1 allows remote attackers to cause a denial of service device reload via a crafted SSH packet...
Design/Logic Flaw
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A21.2 and Cisco ACE 4710 Application Control Engine Appliance before A18a allows remote authenticated users to execute arbitrary operating-system commands through a command...
Default credentials
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information...
CVE-2009-0615
CVE-2009-0615 concerns directory traversal in Cisco ANM before 2.0 and ACE Device Manager before A3(2.1). Exploitation by an authenticated remote user could read/modify arbitrary files, potentially exposing host OS data due to invalid directory permissions. Related CVEs cover additional ANM flaws...
CVE-2009-0622
CVE-2009-0622 affects Cisco ACE Application Control Engine Module for Catalyst 6500/7600 and Cisco ACE 4710 Appliance. Multiple vulnerabilities exist, including default credentials (leading to credential compromise and potential OS access via the device CLI), privilege escalation for authenticate...
CVE-2008-3819
dnsserver in Cisco Application Control Engine Global Site Selector GSS before 3.01 allows remote attackers to cause a denial of service daemon crash via a series of crafted DNS requests, aka Bug ID CSCsj70093...
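Cisco Service Control Engine SSH Server Multiple Denial of Service Vulnerabilities
BUGTRAQ ID: 29316 CVECAN ID: CVE-2008-0534,CVE-2008-0535,CVE-2008-0536 Cisco Service Control Engine (SCE) devices provide high-performance advanced application-layer bandwidth optimization, stateful application inspection, session-based classification and network traffic control. SSH login activity vulnerability: A vulnerability affecting the SCE SSH server can be triggered during SSH login activity, leading to system instability or an SCE reload. If a specific SSH process is invoked during an active interval, temporary resource unavailability results. This vulnerability is documented as Cisco Bug ID CSCsi68582 and has been assigned CVE ID CVE-2008-0534. SSH login activity causes illegal input/output oper...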