49 matches found
CVE-2013-2106
webauth before 4.6.1 has authentication credential disclosure...
Design/Logic Flaw
webauth before 4.6.1 has authentication credential disclosure...
CVE-2013-2106
Technical details (affected product, component, version, root cause or fix) are not publicly available in the provided documents; monitor for updates.
CVE-2013-2106
webauth before 4.6.1 has authentication credential disclosure...
CVE-2013-2106
webauth before 4.6.1 has authentication credential disclosure...
CVE-2018-0247
A vulnerability in Web Authentication WebAuth clients for the Cisco Wireless LAN Controller WLC and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of...
CVE-2018-0247
The CVE-2018-0247 entry describes an authentication bypass in Web Authentication (WebAuth) clients used by Cisco IOS on Cisco Aironet Access Points and Wireless LAN Controllers (WLCs). Affected configurations require: AP in FlexConnect NAT mode, WLAN in central switching (unique IP per client), A...
Cisco Wireless LAN Controller and Aironet Access Points IOS WebAuth Client Authentication Bypass Vulnerability
A vulnerability in Web Authentication WebAuth clients for the Cisco Wireless LAN Controller WLC and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of...
The vulnerability of the Cisco Wireless LAN Controller 2100 software allows a malicious individual to cause service failure.
Vulnerability exists in Cisco Wireless LAN Controller WLC devices due to improper memory release. This allows malicious actors operating remotely to trigger a service failure by sending frequent WebAuth authorization requests...
The vulnerability of the Cisco Wireless LAN Controller 4100 software allows a malicious individual to cause service failure.
Vulnerability exists in Cisco Wireless LAN Controller WLC devices due to improper memory release. This allows malicious actors operating remotely to trigger a service failure by sending frequent WebAuth authorization requests...
The vulnerability of the Cisco Wireless LAN Controller 2000 software allows a malicious individual to cause service failure.
Vulnerability exists in Cisco Wireless LAN Controller WLC devices due to improper memory release. This allows malicious actors operating remotely to trigger a service failure by sending frequent WebAuth authorization requests...
CVE-2014-3821
Cross-site scripting XSS vulnerability in SRX Web Authentication webauth in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via...
Code injection
The ios-authproxy implementation in Cisco IOS before 15.11SY3 allows remote attackers to cause a denial of service webauth and HTTP service outage via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20140305-wlc)
The remote Cisco Wireless LAN Controller WLC is affected by one or more of the following vulnerabilities : - Errors exist related to the handling of specially crafted ethernet 802.11 frames that could allow denial of service attacks. CSCue87929, CSCuf80681 - An error exists related to the handlin...
Cisco Wireless LAN Controller拒绝服务漏洞
Bugtraq ID:65977 CVE ID:CVE-2014-0701 Cisco Wireless LAN Controller负责全系统的无线LAN功能,例如安全策略、入侵保护、RF管理,服务质量和移动性。 Cisco Wireless LAN Controller WebAuth功能存在安全漏洞,允许未验证远程攻击者使设备重载。 由于处理WebAuth登录过程中未能释放使用的内存,允许攻击者高速提交大量WebAuth请求,可使设备进行不稳定状态,消耗大量内存造成设备重启。 0 Cisco Wireless LAN Controller 7.0 Cisco Wireless LA...
Design/Logic Flaw
Cisco Wireless LAN Controller WLC devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service reboot by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361...
CVE-2012-0370
Cisco Wireless LAN Controller WLC devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service device reload via a sequence of 1 HTTP or 2 HTTPS packets, aka Bug ID CSCtt47435...
Code injection
Cisco Wireless LAN Controller WLC devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service device reload via a sequence of 1 HTTP or 2 HTTPS packets, aka Bug ID CSCtt47435...
CVE-2012-0370
Cisco Wireless LAN Controller WLC devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service device reload via a sequence of 1 HTTP or 2 HTTPS packets, aka Bug ID CSCtt47435...
CVE-2009-2945
weblogin/login.fcgi aka the WebLogin login script in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading 1 web-serve...