Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909.
http://www.securitytracker.com/id/1032445
http://tools.cisco.com/security/center/viewAlert.x?alertId=38944