CVE-2005-4332 - JSP Pages Access Validation vulnerability in Cisco Clean Access
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE
Summary
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.
References
- http://secunia.com/advisories/18103
- http://securityreason.com/securityalert/265
- http://securitytracker.com/id?1015375
- http://www.awarenetwork.org/forum/viewtopic.php?p=2236
- http://www.cisco.com/warp/public/707/cisco-response-20051221-CCA.shtml
- http://www.osvdb.org/21956
- http://www.osvdb.org/21957
- http://www.osvdb.org/21958
- http://www.securityfocus.com/archive/1/419645/100/0/threaded
- http://www.securityfocus.com/archive/1/420008/100/0/threaded
- http://www.securityfocus.com/bid/15909
- http://www.vupen.com/english/advisories/2005/3007