CVE-2001-0748
Published 2001-10-18
Priority P4 · 31 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 9.21% (94.7th percentile)
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acme_labs | acme_server | — | — |
| cisco | secure_acs_unix_acme.server | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_cisco · 3.3 · LOW
GHSA
GHSA-f374-v37m-vrcw: Acme
ghsa_unreviewed·2022-04-30
CVE-2001-0748 [MEDIUM] CWE-20 GHSA-f374-v37m-vrcw: Acme
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.
Cisco
Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
vendor_cisco·2002-07-02·CVSS 3.3
CVE-2001-0748 [LOW] CWE-22 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
Cisco Secure Access Control Server for Unix implements the Acme.server and is therefore vulnerable to a directory traversal vulnerability. The fix has been included in ACS Unix version 2.3.6.1 which is currently available. This vulnerability is detailed in Cisco Bug ID CSCdu47965.
This advisory is available at: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020702-acsunix-acmeweb
CWE: CWE-22
Bug IDs: CSCdu47965
References
http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
http://www.iss.net/security_center/static/6634.php
http://www.osvdb.org/5544
http://www.securityfocus.com/archive/1/188141
http://www.securityfocus.com/bid/2809