Advisory: Cisco IOS HTTP client DoSOctober 18th, 2011 | Posted by in Advisory | Blog | Vulnerability Management
There is a problem with the HTTP client implementation on Cisco IOS. If an administrator loads an application service via these commands:
router#config Configuring from terminal, memory, or network [terminal]? Enter configuration commands, one per line. End with CNTL/Z. router(config)#application router(config-app)#service name http://ip_address/ router(config-app-param)#end
and the HTTP server responds with a special crafted HTTP response, the device will crash.
The vulnerability has been detected in a wide branch of Cisco IOS.
Jaime Blasco, Alienvault Labs
You can follow any responses to this entry through the RSS 2.0 Both comments and pings are currently closed.