CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2011-0966

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile38.01th
Published2011年5月20日
Last Modified2026年4月29日

Vulnerability Description

Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.

Affected Platforms (CPE)

📦
Cisco

Ciscoworks Common Services

<= 3.3
📦
Cisco

Ciscoworks Common Services

= 1.0
📦
Cisco

Ciscoworks Common Services

= 2.2
📦
Cisco

Ciscoworks Common Services

= 3.0
📦
Cisco

Ciscoworks Common Services

= 3.0.3
📦
Cisco

Ciscoworks Common Services

= 3.0.4
📦
Cisco

Ciscoworks Common Services

= 3.0.5
📦
Cisco

Ciscoworks Common Services

= 3.0.6
📦
Cisco

Ciscoworks Common Services

= 3.1
📦
Cisco

Ciscoworks Common Services

= 3.1.1
📦
Cisco

Ciscoworks Common Services

= 3.2

References & Advisories

🔗 http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html
🔗 http://tools.cisco.com/security/center/viewAlert.x?alertId=23089
🔗 http://www.exploit-db.com/exploits/17304
🔗 http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/67525
🔗 http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html
🔗 http://tools.cisco.com/security/center/viewAlert.x?alertId=23089
🔗 http://www.exploit-db.com/exploits/17304

相關漏洞威脅

CVE-2009-116110.0

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, a...

CVE-2010-303610.0

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before ...

CVE-2008-20549.3

Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary cod...

CVE-2011-33109.0

The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, ...