CiscoSecure ACS for Windows CSAdmin Login Overflow DoS

High Nessus Plugin ID 11556

Synopsis

Arbitrary code may be executed on the remote host.

Description

The remote web server crashed when the 'login.exe' CGI received an overly long login query string. This can lead to a denial of service or even execution of arbitrary code. Some versions of the Cisco Secure ACS web server are known to be vulnerable to this flaw.

Solution

Install ACS for Windows version 3.0.4, 3.1.2, or later.

See Also

http://www.nessus.org/u?9a387006

Plugin Details

Severity: High

ID: 11556

File Name: cisco_acs_web_overflow.nasl

Version: 1.25

Type: remote

Family: Web Servers

Published: 2003/04/30

Updated: 2018/07/06

Dependencies: 10107

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:secure_access_control_server

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2003/04/23

Vulnerability Publication Date: 2003/04/23

Reference Information

CVE: CVE-2003-0210

BID: 7413

CERT: 697049

NSFOCUS: SA2003-04