Bugtraq mailing list archives
Re: Cisco Security Advisory: Cisco IOS HTTP Server Query Vulnerability
From: Lisa Napier <lnapier () CISCO COM>
Date: Thu, 26 Oct 2000 15:39:39 -0700
At 04:45 PM 10/26/2000 -0500, Juan M. Courcoul wrote:
"Cisco Systems Product Security Incident Response Team" wrote: > > Cisco IOS HTTP Server Query Vulnerability > > Revision 1.0 > > For public release 2000 October 25 at 08:00 US/Pacific (UTC+0700) > _________________________________________________________________ > > Summary > > A defect in multiple releases of Cisco IOS software will cause a Cisco > router or switch to halt and reload if the IOS HTTP service is > enabled, browsing to "http://router-ip/anytext?/" is attempted, and > the enable password is supplied when requested. This defect can be > exploited to produce a denial of service (DoS) attack. > ....snip.... > > * Catalyst 1900, 2800, 2900, 3000, and 5000 series LAN switches are > not affected, except for some versions of the Catalyst 2900XL. > However, optional router modules running Cisco IOS software in > switch backplanes, such as the RSM module for the Catalyst 5000 > and 5500, are affected (see the Affected Products section above). Minor, field-tested, correction: A networking specialist working at one of our campuses has determined that Catalyst 2820 units with ATM interfaces are also vulnerable to this exploit, although the advisory implies that they are not. J. Courcoul ITESM
Thank you. We are updating the advisory later today with updated version availability, and correcting this error. Thanks much, Lisa Napier Product Security Incident Response Team Cisco Systems
Current thread:
- Re: Cisco Security Advisory: Cisco IOS HTTP Server Query Vulnerability Juan M. Courcoul (Oct 27)
- Re: Cisco Security Advisory: Cisco IOS HTTP Server Query Vulnerability Lisa Napier (Oct 27)