CVE-2015-6259
Summary
| CVE | CVE-2015-6259 |
|---|---|
| State | PUBLISHED |
| Assigner | cisco |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-09-04 01:59:02 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:N/C:N/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Integrated Management Controller Supervisor | All | All | All | All |
| Application | Cisco | Unified Computing System Director | 3.4_base | All | All | All |
| Application | Cisco | Unified Computing System Director | 4.0_base | All | All | All |
| Application | Cisco | Unified Computing System Director | 4.1_base | All | All | All |
| Application | Cisco | Unified Computing System Director | 5.0.0.0 | All | All | All |
| Application | Cisco | Unified Computing System Director | 5.0.0.1 | All | All | All |
| Application | Cisco | Unified Computing System Director | 5.0.0.2 | All | All | All |
| Application | Cisco | Unified Computing System Director | 5.0.0.3 | All | All | All |
| Application | Cisco | Unified Computing System Director | 5.1.0.0 | All | All | All |
| Application | Cisco | Unified Computing System Director | 5.1.0.1 | All | All | All |
| Application | Cisco | Unified Computing System Director | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | tools.cisco.com | Vendor Advisory |
| Cisco Unified Computing System Director Input Validation Flaw in JSP Lets Remote Authenticated Users Overwrite Arbitrary Files on the Target System - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.