Cisco IOS HTTP Router Management Service Malformed Request Denial Of Service Vulnerability
BID:10014
Info
Cisco IOS HTTP Router Management Service Malformed Request Denial Of Service Vulnerability
| Bugtraq ID: | 10014 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 25 2000 12:00AM |
| Updated: | Oct 25 2000 12:00AM |
| Credit: | The vendor announced this vulnerability. |
| Vulnerable: |
Cisco IOS 12.1XP Cisco IOS 12.1XL Cisco IOS 12.1XJ Cisco IOS 12.1XI Cisco IOS 12.1XH Cisco IOS 12.1XG Cisco IOS 12.1XF Cisco IOS 12.1XE Cisco IOS 12.1XD Cisco IOS 12.1XC Cisco IOS 12.1XB Cisco IOS 12.1XA Cisco IOS 12.1T Cisco IOS 12.1EC Cisco IOS 12.1E Cisco IOS 12.1DC Cisco IOS 12.1DB Cisco IOS 12.1DA Cisco IOS 12.1AA Cisco IOS 12.1 Cisco IOS 12.0XJ Cisco IOS 12.0XH Cisco IOS 12.0XE Cisco IOS 12.0XA Cisco IOS 12.0W5 Cisco IOS 12.0T |
| Not Vulnerable: | |
Discussion
Cisco IOS HTTP Router Management Service Malformed Request Denial Of Service Vulnerability
The HTTP router management service on Cisco IOS has been reported to be prone to a remote denial of service vulnerability. On Cisco IOS versions 12.0T and up, the "?" character when appended with a "/" character is not properly interpreted by the HTTP router management service and may cause the appliance to crash.
The HTTP router management service on Cisco IOS has been reported to be prone to a remote denial of service vulnerability. On Cisco IOS versions 12.0T and up, the "?" character when appended with a "/" character is not properly interpreted by the HTTP router management service and may cause the appliance to crash.
Exploit / POC
Cisco IOS HTTP Router Management Service Malformed Request Denial Of Service Vulnerability
The following proof of concept exploit has been supplied:
The following proof of concept exploit has been supplied:
Solution / Fix
Cisco IOS HTTP Router Management Service Malformed Request Denial Of Service Vulnerability
Solution:
Cisco has released an advisory that details IOS versions and fixes for customers who may potentially be affected by this issue. Please see the referenced advisory for further information regarding obtaining and applying an appropriate update.
Solution:
Cisco has released an advisory that details IOS versions and fixes for customers who may potentially be affected by this issue. Please see the referenced advisory for further information regarding obtaining and applying an appropriate update.
References
Cisco IOS HTTP Router Management Service Malformed Request Denial Of Service Vulnerability
References:
References: