Java Policy File Vulnerability in Cisco Optical Networking System
CVE-2006-1672

Currently unrated

Key Information:

Vendor: Cisco
Status: Transport Controller
Vendor: CVE Published:; 7 April 2006

What is CVE-2006-1672?

A vulnerability exists in the Cisco Transport Controller (CTC) for the Optical Networking System (ONS) 15000 series. This flaw is due to the inclusion of a wildcard entry in a Java policy file, which grants excessive permissions—specifically, the java.security.AllPermission—to any HTTP URL that contains 'fs/LAUNCHER.jar'. This oversight permits remote attackers to execute arbitrary code on a CTC workstation, leading to potential breaches in system integrity and confidentiality.

References

http://www.vupen.com/english/advisories/2006/1256

vdb-entryx_refsource_VUPEN

http://www.osvdb.org/24438

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/19553

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2006
Vulnerability Reserved
Apr 7, 2006