CVE-2002-0778

Summary

CVE	CVE-2002-0778
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2002-08-12 04:00:00 UTC
Updated	2025-04-03 01:03:51 UTC
Description	The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.

Risk And Classification

Primary CVSS: v2.0 7.5 from [email protected]

AV:N/AC:L/Au:N/C:P/I:P/A:P

Problem Types: NVD-CWE-Other | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Cache Engine 505	2.4.0	All	All	All
Hardware	Cisco	Cache Engine 505	3.0	All	All	All
Hardware	Cisco	Cache Engine 550	All	All	All	All
Hardware	Cisco	Cache Engine 550	2.2.0	All	All	All
Hardware	Cisco	Cache Engine 550	2.4.0	All	All	All
Hardware	Cisco	Cache Engine 550	3.0	All	All	All
Hardware	Cisco	Cache Engine 570	2.2.0	All	All	All
Hardware	Cisco	Cache Engine 570	2.4.0	All	All	All
Hardware	Cisco	Cache Engine 570	3.0	All	All	All
Hardware	Cisco	Cache Engine 570	570	All	All	All
Application	Cisco	Content Distribution Manager 4630	All	All	All	All
Application	Cisco	Content Distribution Manager 4630	4.0	All	All	All
Application	Cisco	Content Distribution Manager 4630	4.1	All	All	All
Application	Cisco	Content Distribution Manager 4650	All	All	All	All
Application	Cisco	Content Distribution Manager 4650	4.0	All	All	All
Application	Cisco	Content Distribution Manager 4650	4.1	All	All	All
Application	Cisco	Content Engine	507	All	All	All
Application	Cisco	Content Engine	507_2.2.0	All	All	All
Application	Cisco	Content Engine	507_3.1	All	All	All
Application	Cisco	Content Engine	507_4.0	All	All	All
Application	Cisco	Content Engine	507_4.1	All	All	All
Application	Cisco	Content Engine	560	All	All	All
Application	Cisco	Content Engine	560_2.2.0	All	All	All
Application	Cisco	Content Engine	560_3.1	All	All	All
Application	Cisco	Content Engine	560_4.0	All	All	All
Application	Cisco	Content Engine	560_4.1	All	All	All
Application	Cisco	Content Engine	590	All	All	All
Application	Cisco	Content Engine	590_2.2.0	All	All	All
Application	Cisco	Content Engine	590_3.1	All	All	All
Application	Cisco	Content Engine	590_4.0	All	All	All
Application	Cisco	Content Engine	590_4.1	All	All	All
Application	Cisco	Content Engine	7320	All	All	All
Application	Cisco	Content Engine	7320_2.2.0	All	All	All
Application	Cisco	Content Engine	7320_3.1	All	All	All
Application	Cisco	Content Engine	7320_4.0	All	All	All
Application	Cisco	Content Engine	7320_4.1	All	All	All
Hardware	Cisco	Content Router 4430	All	All	All	All
Application	Cisco	Enterprise Content Delivery Network Software	4.0	All	All	All
Application	Cisco	Enterprise Content Delivery Network Software	4.1	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
ISS X-Force Database: cisco-cache-content-tcp-forward (9082): Cisco Cache and Content Engines could allow an attacker to spoof the origin IP of forwarded TCP traffic	af854a3a-2127-422b-91ae-364da2661108	www.iss.net	Vendor Advisory
Cisco Security Advisory: Transparent Cache Engine and Content Engine TCP Relay Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.cisco.com	Vendor Advisory
Cisco Cache Engine Default Configuration Arbitrary User Proxy Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Patch, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.