Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:579324
HistoryJul 31, 2003 - 12:00 a.m.

Cisco IOS HTTP Server vulnerable to buffer overflow when processing overly large malformed HTTP GET request

2003-07-3100:00:00
www.kb.cert.org
9
JSON

Overview

The Cisco IOS HTTP Server contains a vulnerability that may permit a remote attacker to execute arbitrary code on the system.

Description

Cisco IOS ships with an HTTP Server. A buffer overflow vulnerability exists in the HTTP Server and may be exploited if a remote attacker sends a crafted HTTP request larger than 2GB in size. The HTTP server is not enabled by default on the majority of IOS platforms. This vulnerability is only exploitable if the HTTP Server is enabled. According to the Cisco documentation regarding this issue, all Cisco IOS software versions except 12.3 and 12.3T are affected, CatOS and PIX are not affected. Cisco has also issued an alert regarding this issue. An exploit for this vulnerability has been posted publicly.

Impact

An attacker can cause the router to reboot, and potentially execute arbitrary code on the router. Repeatedly rebooting the router will result in a denial-of-service situation.

Solution

Cisco has released a document to address this issue. According to the Cisco documentation regarding this issue, 12.3 and 12.3T-based images are not vulnerable.

According to the Cisco documentation:

The workaround is to configure access lists to explicitly permit authorized hosts or networks to the http service.

The syntax for this command for routers and switches running Cisco IOS software is:

**ip http access-class <access-list number> **
access-list <access-list number> permit host <authorized host #1>
access-list <access-list number> permit host <authorized host #2>

access-list <access-list number> deny any

The <access-list number> in the above example needs to be in the range of 1-99 or 1300-1399 (IP Standard access list range).

Vendor Information

579324

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Cisco Systems Inc. __ Affected

Updated: July 31, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see <http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00801a97e1.shtml&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23579324 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported to Cisco by FX of Phenoelit.

This document was written by Jason A Rafail.

Other Information

CVE IDs: None
Severity Metric: 15.82 Date Public:
JSON