Vulnerability Description
The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Content Distribution Manager 4630 | All versions |
| Cisco | Content Distribution Manager 4650 | All versions |
| Cisco | Content Engine | 507 |
| Cisco | Enterprise Content Delivery Network Software | 4.0 |
| Cisco | Cache Engine 505 | 2.4.0 |
| Cisco | Cache Engine 550 | All versions |
| Cisco | Cache Engine 570 | 2.2.0 |
| Cisco | Content Router 4430 | All versions |
References
- http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtmlVendor Advisory
- http://www.iss.net/security_center/static/9082.phpVendor Advisory
- http://www.securityfocus.com/bid/4751PatchVendor Advisory
- http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtmlVendor Advisory
- http://www.iss.net/security_center/static/9082.phpVendor Advisory
- http://www.securityfocus.com/bid/4751PatchVendor Advisory
FAQ
What is CVE-2002-0778?
CVE-2002-0778 is a vulnerability with a CVSS score of 7.5 (HIGH). The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.
How severe is CVE-2002-0778?
CVE-2002-0778 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0778?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Content Distribution Manager 4630, Cisco Content Distribution Manager 4650, Cisco Content Engine, Cisco Enterprise Content Delivery Network Software, Cisco Cache Engine 505.