SecuritySpace - CVE-2002-1098

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2002-1098

Description: Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2002-1098
BugTraq ID: 5614
http://www.securityfocus.com/bid/5614
Cisco Security Advisory: 20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
XForce ISS Database: cisco-vpn-xml-filter(10023)
http://www.iss.net/security_center/static/10023.php

CVE ID:	CVE-2002-1098
Description:	Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1098 BugTraq ID: 5614 http://www.securityfocus.com/bid/5614 Cisco Security Advisory: 20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml XForce ISS Database: cisco-vpn-xml-filter(10023) http://www.iss.net/security_center/static/10023.php