Cisco / CISCO-SA-20070214-CVE-2007-0962
History: Feb 14, 2007 - 9:51 p.m.

Cisco Firewall Services Module, PIX, and ASA Malformed HTTP Requests Denial of Service Vulnerability

2007-02-14 21:51:53
tools.cisco.com

CVSS2: 7.8
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
CVSS2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.04
Percentile: 92.1%

Cisco Firewall Services Module, Cisco PIX Security Appliance, and Cisco Adaptive Security Appliance (ASA) contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists due to an error within the handling of malformed HTTP requests. An attacker could exploit this vulnerability via a malformed HTTP request to cause the device to reload, resulting in a DoS condition.

Cisco confirmed this vulnerability in a security advisory and released updated software.

Enhanced inspection of HTTP requests is not enabled by default on any of the affected products. Normal inspection, which is enabled by using the inspect http command without specifying an HTTP map, will not make a system vulnerable.
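As an added example (not part of the Cisco advisory), the following Python sketch audits a saved running configuration for the condition described above: it separates plain `inspect http` lines from those that name an HTTP map. The sample configuration, map name and function names are constructed for illustration, and the check does not look at the software version.

```python
import re

# Constructed sample of a PIX/ASA-style running configuration (not from the advisory).
SAMPLE_CONFIG = """\
http-map STRICT_HTTP
 strict-http action reset log
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect http
policy-map dmz_policy
 class web_traffic
  inspect http STRICT_HTTP
!
service-policy global_policy global
service-policy dmz_policy interface dmz
"""

INSPECT_HTTP = re.compile(r"^\s*inspect\s+http(?:\s+(\S+))?\s*$")
POLICY_MAP = re.compile(r"^policy-map\s+(\S+)\s*$")
CLASS = re.compile(r"^\s+class\s+(\S+)\s*$")


def audit_http_inspection(config_text):
    """Return one finding per 'inspect http' line.

    enhanced=True means an HTTP map is named, i.e. the non-default
    enhanced inspection the advisory refers to.
    """
    findings = []
    policy = cls = None
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if m := POLICY_MAP.match(line):
            policy, cls = m.group(1), None
        elif m := CLASS.match(line):
            cls = m.group(1)
        elif m := INSPECT_HTTP.match(line):
            findings.append({"line": lineno, "policy_map": policy, "class": cls,
                             "http_map": m.group(1), "enhanced": m.group(1) is not None})
        elif line and not line[0].isspace() and not line.startswith("!"):
            policy = cls = None  # a new top-level command ends the policy-map block
    return findings


def enhanced_policies(config_text):
    """Policy maps that apply HTTP inspection with a map (review these first)."""
    return sorted({f["policy_map"] for f in audit_http_inspection(config_text) if f["enhanced"]})
```

Devices whose policies appear in the `enhanced_policies` result are the ones to prioritize for the updated software.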

Affected configurations

Node: cisco firewall_services_module (match: any) OR cisco pix_asa_ids (match: any)

Vendor  Product                   Version  CPE
cisco   firewall_services_module  any      cpe:2.3:h:cisco:firewall_services_module:any:*:*:*:*:*:*:*
cisco   pix_asa_ids               any      cpe:2.3:a:cisco:pix_asa_ids:any:*:*:*:*:*:*:*
