CVE-2002-1098 Information

Description

Cisco VPN 3000 Concentrator 2.2.x and 3.x before 3.5.3 adds an \HTTPS on Public Inbound (XML-Auto)(forward/in)\ rule but sets the protocol to \ANY\ when the XML filter configuration is enabled which ultimately allows arbitrary traffic to pass through the concentrator.

Reference

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml http://www.iss.net/security_center/static/10023.php http://www.securityfocus.com/bid/5614