Back to search
CVE-2006-1672
Published: Apr 7, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2006-1256
vdb-entry
x_refsource_VUPEN
24438
vdb-entry
x_refsource_OSVDB
19553
third-party-advisory
x_refsource_SECUNIA
cisco-ons-ctc-code-execution(25647)
vdb-entry
x_refsource_XF
17384
vdb-entry
x_refsource_BID
1015871
vdb-entry
x_refsource_SECTRACK
20060405 Cisco Optical Networking System 15000 Series and Cisco Transport Controller Vulnerabilities
vendor-advisory
x_refsource_CISCO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now