CVE-2006-3290
Summary
| CVE | CVE-2006-3290 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-06-28 23:05:00 UTC |
| Updated | 2017-07-20 01:32:00 UTC |
| Description | HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Wireless Control System | All | All | All | All |
| Hardware | Cisco | Wireless Control System | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Wireless Control System Multiple Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| SecurityTracker.com Archives - Cisco Wireless Control System Lets Remote Users Read/Write Files, View Sensitive Information, Access the Systems, and Conduct Cross-Site Scripting Attacks | SECTRACK | securitytracker.com | |
| Cisco - Networking, Cloud, and Cybersecurity Solutions | CISCO | www.cisco.com | Patch |
| 26879 | OSVDB | www.osvdb.org | |
| Cisco Wireless Control System Multiple Security Vulnerabilities | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.