File: 100000129.txt

snort 2.7.0-20.4
Rule: 

--
Sid: 
100000129

-- 
Summary: 
This event is generated when a malformed URL is sent to the HTTP server of a 
Cisco IOS router, which may cause a denial of service.

-- 

Impact: 
If a router running a vulnerable version of the IOS HTTP server receives this 
request, it will fall into an infinite loop, causing a denial of service. The 
router will restart after two minutes, when the system's watchdog timer 
detects that the router has become unresponsive.

--
Detailed Information:
If a "?" character immediately follows a "/" character in a URI, vulnerable 
versions of the Cisco IOS HTTP server will fall into an infinite loop, causing 
a denial of service. The router will restart after two minutes, when the 
system's watchdog timer detects that the router has become unresponsive.


--
Affected Systems:
Cisco IOS 12.0 XJ
Cisco IOS 12.0 XH
Cisco IOS 12.0 XE
Cisco IOS 12.0 XA
Cisco IOS 12.0 W5
Cisco IOS 12.0 T
Cisco IOS 12.1 XP
Cisco IOS 12.1 XL
Cisco IOS 12.1 XJ
Cisco IOS 12.1 XI
Cisco IOS 12.1 XH
Cisco IOS 12.1 XG
Cisco IOS 12.1 XF
Cisco IOS 12.1 XE
Cisco IOS 12.1 XD
Cisco IOS 12.1 XC
Cisco IOS 12.1 XB
Cisco IOS 12.1 XA
Cisco IOS 12.1 T
Cisco IOS 12.1 EC
Cisco IOS 12.1 E
Cisco IOS 12.1 DC
Cisco IOS 12.1 DB
Cisco IOS 12.1 DA
Cisco IOS 12.1 AA
Cisco IOS 12.1

--

Attack Scenarios: 
This vulnerability may be exploited with a web browser or a script.

-- 

Ease of Attack: 
Simple, as it can be exploited using a web browser.

-- 

False Positives:
None Known.

--
False Negatives:
None Known.

-- 

Corrective Action: 
Apply the vendor-supplied patch, available at Cisco.com. As a workaround, the 
IOS HTTP server may be disabled by using the command "no ip http server".
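
An inventory triage sketch for the two sections above, added here as an example and not part of the Snort rule documentation. It checks a device's release train against the Affected Systems list and checks whether the "no ip http server" workaround is present. It assumes you have saved "show version" and running-config text per device; the sample strings are constructed, and a listed train only means the device needs checking against the vendor advisory, since this page gives no fixed release numbers.

```python
import re

# Release trains copied from the "Affected Systems" list above ("" = mainline).
AFFECTED = {
    "12.0": {"XJ", "XH", "XE", "XA", "W5", "T"},
    "12.1": {"XP", "XL", "XJ", "XI", "XH", "XG", "XF", "XE", "XD", "XC", "XB",
             "XA", "T", "EC", "E", "DC", "DB", "DA", "AA", ""},
}
VERSION_RE = re.compile(r"Version (\d+\.\d+)\([0-9a-z]+\)([A-Z]+\d*)?")
# Constructed sample inputs (not captured from a real device).
SAMPLE_VERSION = "IOS (tm) C2600 Software (C2600-IS-M), Version 12.1(5)T, RELEASE SOFTWARE"
SAMPLE_CONFIG = "hostname lab-rtr\n!\nip http server\n!\nend\n"


def listed_train(show_version: str) -> bool:
    """True if the release train in `show version` text is on the page's list."""
    m = VERSION_RE.search(show_version)
    if not m:
        return False
    base, token = m.group(1), m.group(2) or ""
    trains = AFFECTED.get(base, set())
    # "XE1" is a rebuild of train XE, while "W5" is itself a train name.
    return token in trains or token.rstrip("0123456789") in trains


def http_server_state(running_config: str) -> str:
    """Return 'enabled', 'disabled' or 'unknown' for the IOS HTTP server."""
    state = "unknown"  # neither line present: the default depends on the platform
    for line in running_config.splitlines():
        line = line.strip()
        if line == "ip http server":
            state = "enabled"
        elif line == "no ip http server":
            state = "disabled"
    return state


def triage(show_version: str, running_config: str) -> str:
    """Combine both checks into one finding string per device."""
    if not listed_train(show_version):
        return "train not listed"
    state = http_server_state(running_config)
    if state == "disabled":
        return "listed train, workaround applied"
    return f"listed train, HTTP server {state}: patch or disable"


if __name__ == "__main__":
    print(triage(SAMPLE_VERSION, SAMPLE_CONFIG))
```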

--
Contributors: 
Alex Kirk <alex.kirk@sourcefire.com>

-- 
Additional References:

--