AlienVault R&D Labs Portal. Get the latest news from our research.

Advisory: Cisco IOS HTTP client DoS

October 18th, 2011 | Posted by jaime.blasco in Advisory | Blog | Vulnerability Management

DESCRIPTION:
There is a problem with the HTTP client implementation on Cisco IOS. If an administrator loads an application service via these commands:

router#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#application
router(config-app)#service name http://ip_address/
router(config-app-param)#end

and the HTTP server responds with a specially crafted HTTP response, the device will crash.
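
A configuration audit for the condition described above, added here as an example and not part of the original advisory: it scans a saved configuration for application services whose location is an http:// URL, since those are the ones the device retrieves with its HTTP client. It assumes the saved configuration carries the same "application" and "service name url" lines as the commands above; the sample configuration, service names and addresses are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample configuration (not taken from a real device).
# Assumption: the saved config mirrors the commands shown in the advisory.
SAMPLE_CONFIG = """\
hostname router
!
application
 service local_app flash:app.tcl
 service remote_app http://192.0.2.10/
 service other_app HTTP://198.51.100.7/app.tcl
!
interface GigabitEthernet0/0
 description service uplink http://example.invalid/
!
end
"""

# Indented "service <name> <location>" line inside the application block.
SERVICE_RE = re.compile(r"^\s+service\s+(\S+)\s+(\S+)", re.IGNORECASE)


def find_http_services(config_text):
    """Return (line_no, service_name, host) for every application service
    whose location is an http:// URL."""
    findings = []
    in_application = False
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if not line.strip():
            continue
        if not line[0].isspace():
            # Any top-level line (including "!") opens or closes the block.
            in_application = line.strip().lower() == "application"
            continue
        if not in_application:
            continue
        match = SERVICE_RE.match(line)
        if match:
            name, location = match.groups()
            parts = urlsplit(location)  # scheme is returned lower-cased
            if parts.scheme == "http":
                findings.append((line_no, name, parts.hostname))
    return findings


if __name__ == "__main__":
    for line_no, name, host in find_http_services(SAMPLE_CONFIG):
        print(f"line {line_no}: service {name} is loaded over HTTP from {host}")
```

Each finding names a remote host the router trusts to return a well-formed HTTP response; review whether that service needs to be loaded over HTTP at all and check the vendor response for fixed releases.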

AFFECTED VERSIONS:
The vulnerability has been detected across a wide range of Cisco IOS versions.

VENDOR RESPONSE:
http://tools.cisco.com/security/center/viewAlert.x?alertId=24436

CREDITS:
Jaime Blasco, AlienVault Labs

jaime.blasco

At AlienVault, Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab, he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security research.
