CERT-In Vulnerability Note CIVN-2010-171
Cisco Content Delivery System Internet Streamer Directory Traversal Vulnerability
Original Issue Date: July 26, 2010
Severity Rating:Medium
System Affected
- Cisco Content Delivery System versions prior to 2.5.7
Overview
A vulnerability has been reported in Cisco Content Delivery System, which can be exploited by malicious people to disclose sensitive information.
Description
The Cisco Content Delivery System (CDS) is an integrated system with a network-based architecture that transcends existing streaming solutions. It incorporates both TV streaming applications for content delivery to digital televisions and set-top boxes (STBs) as well as Internet streaming applications for content delivery to IP-enabled devices such as PCs and Wi-Fi-connected mobile phones.
A Directory Traversal Vulnerability exists because of an input validation error in the Cisco Internet Streamer web server component when processing HTTP requests. A remote could exploit this vulnerability by sending a specially crafted URL to view arbitrary files on the device outside the web server document directory , including password files and system logs.
Solution
Apply appropriate software fixes as mentioned in
Cisco Security Advisory
Vendor Information
CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml
References
CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml
Security Tracker
http://securitytracker.com/alerts/2010/Jul/1024234.html
VUPEN
http://www.vupen.com/english/advisories/2010/1881
Secunia
http://secunia.com/advisories/40701/
CVE Name
CVE-2010-1577
Disclaimer The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
