CVE-2006-3290 - HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensi

CVE-2006-3290

Summary

HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.

References

Vulnerable Configurations

cpe:2.3:h:cisco:wireless_control_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:3.2\(40\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:3.2\(40\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:3.2\(51\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:3.2\(51\):*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	18701
cisco	20060628 Multiple Vulnerabilities in Wireless Control System
osvdb	26879
sectrack	1016398
secunia	20870
vupen	ADV-2006-2583
xf	cisco-wcs-http-information-disclosure(27442)

Last major update

20-07-2017 - 01:32

Published

28-06-2006 - 23:05

Last modified

20-07-2017 - 01:32