Bugtraq mailing list archives
Re: Cisco Security Advisory: Cisco IOS HTTP Server Query Vulnerability
From: "Juan M. Courcoul" <courcoul () campus qro itesm mx>
Date: Thu, 26 Oct 2000 16:45:52 -0500
"Cisco Systems Product Security Incident Response Team" wrote:
Cisco IOS HTTP Server Query Vulnerability Revision 1.0 For public release 2000 October 25 at 08:00 US/Pacific (UTC+0700) _________________________________________________________________ Summary A defect in multiple releases of Cisco IOS software will cause a Cisco router or switch to halt and reload if the IOS HTTP service is enabled, browsing to "http://router-ip/anytext?/" is attempted, and the enable password is supplied when requested. This defect can be exploited to produce a denial of service (DoS) attack.
....snip....
* Catalyst 1900, 2800, 2900, 3000, and 5000 series LAN switches are not affected, except for some versions of the Catalyst 2900XL. However, optional router modules running Cisco IOS software in switch backplanes, such as the RSM module for the Catalyst 5000 and 5500, are affected (see the Affected Products section above).
Minor, field-tested, correction: A networking specialist working at one of our campuses has determined that Catalyst 2820 units with ATM interfaces are also vulnerable to this exploit, although the advisory implies that they are not. J. Courcoul ITESM
Current thread:
- Re: Cisco Security Advisory: Cisco IOS HTTP Server Query Vulnerability Juan M. Courcoul (Oct 27)
- Re: Cisco Security Advisory: Cisco IOS HTTP Server Query Vulnerability Lisa Napier (Oct 27)