CVE-2009-2977

Name of the Vulnerable Software and Affected Versions: Cisco Security Monitoring, Analysis and Response System (CS-MARS) versions 6.0.4 and earlier

Description: The issue allows context-dependent attackers to obtain sensitive information by reading certain files. These files, stored within error-logs.tar.gz archives, contain cleartext passwords in log/sysbacktrace files.

Recommendations: For CS-MARS versions 6.0.4 and earlier, consider restricting access to the log/sysbacktrace files within error-logs.tar.gz archives to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.