File Reading Vulnerability in Cisco IronPort Encryption Appliance
CVE-2010-0144

Currently unrated

Key Information:

Vendor: Cisco
Status: Ironport Encryption Appliance; Ironport Postx
Vendor: CVE Published:; 11 February 2010

What is CVE-2010-0144?

The Cisco IronPort Encryption Appliance contains a vulnerability in the WebSafe DistributorServlet within its embedded HTTPS server, which allows remote attackers to read arbitrary files. This vulnerability affects specific versions of the device, enabling unauthorized access without proper authentication. The flaw highlights the necessity for meticulous security practices and timely updates to mitigate potential risks. Organizations using the affected versions should undertake immediate actions to apply patches or implement workarounds as described in Cisco’s security advisories.

References

http://www.cisco.com/en/US/products/products_applied_miti...

x_refsource_CONFIRM

http://secunia.com/advisories/38525

third-party-advisoryx_refsource_SECUNIA

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2010
Vulnerability Reserved
Jan 4, 2010