CVE-2006-3226

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control Server
Vendor: CVE Published:; 26 June 2006

Summary

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."

References

http://securitytracker.com/id?1016369

vdb-entryx_refsource_SECTRACK

http://www.osvdb.org/26825

vdb-entryx_refsource_OSVDB

http://securityreason.com/securityalert/1157

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Jun 26, 2006
Vulnerability Reserved
Jun 26, 2006