Cisco Security Advisory : CDS Internet Streamer: Web Server Directory Traversal Vulnerability

Users of Cisco Security Advisory please be advised of a CDS Internet Streamer: Web Server Directory Traversal Vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

cisco-sa-20100721-spcdn: CDS Internet Streamer: Web Server Directory Traversal Vulnerability

Cisco Security Advisory

Summary ======= The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information, including the password files and system logs, which could be leveraged to launch subsequent attacks. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml. Read more at www.criticalwatch.com

 

See this Amp at http://bit.ly/9tcykA