> "what you pay is what you get" probléma.
Eközben Cisco-nál:
CVE-2018-0296: The vulnerability allows an attacker to view sensitive system information without authenticating on the ASA device by using directory traversal techniques.
The root cause of the issue: URLs under /+CSCOE+/ require authentication. URLs under /+CSCOU+/ don't.
So how to access /+CSCOE+/ without authentication?
GET /+CSCOU+/../+CSCOE+/ HTTP/1.1
Mondjuk annyival valóban jobb a helyzet, hogy nem ignorálták a bejelentést, hanem javították.