ACS is the commercial access control server distributed and maintained by Cisco Systems. This problem affects CiscoSecure ACS on the Microsoft Windows platform. ACS does not properly handle user-supplied input. Under some circumstances, it may be possible for a remote user to read arbitrary files. By supplying a custom-crafted URL to the ACS, an attacker may be able to read a file in a known location on the partition on which the ACS software is installed. The files that can be read are limited to those ending in .html, .htm, .class, .jpeg, .jpg, and .gif.