Directory Traversal Vulnerability in Cisco IDS Device Manager
CVE-2002-0908

Currently unrated

Key Information:

Vendor: Cisco
Status: Ids Device Manager
Vendor: CVE Published:; 4 October 2002

What is CVE-2002-0908?

A directory traversal vulnerability exists in the web server component of Cisco IDS Device Manager prior to version 3.1.2. This flaw allows remote attackers to manipulate HTTP requests to gain unauthorized access to arbitrary files on the server by exploiting the '..' (dot dot) sequence in the URL, potentially leading to the exposure of sensitive information and system files.

References

http://www.iss.net/security_center/static/9174.php

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/bugtraq/2002-05/02...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/4760

vdb-entryx_refsource_BID

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Aug 16, 2002