/%%" is attempted. This defect can be exploited to produce a denial of service (DoS) attack. This defect has been discussed on public mailing lists and should be considered public information. The vulnerability, identified as Cisco bug ID CSCdr36952, affects virtually all mainstream Cisco routers and switches running Cisco IOS software releases 11.1 through 12.1, inclusive. The vulnerability has been corrected and Cisco is making fixed releases available to replace all affected IOS releases. Customers are urged to upgrade to releases that are not vulnerable to this defect as shown in detail below. The vulnerability can be mitigated by disabling the IOS HTTP server, using an access-list on an interface in the path to the router to prevent unauthorized network connections to the HTTP server, or applying an access-class option directly to the HTTP server itself. The IOS HTTP server is enabled by default only on Cisco 1003, 1004, and 1005 routers that are not configured. In all other cases, the IOS http server must be explicitly enabled in order to exploit this defect. The complete advisory is available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20000514-ios-http-server. "/>
Home / Cisco Security / Security Advisories

Cisco Security Advisory

Cisco IOS HTTP Server Vulnerability

Advisory ID:
First Published:
2000 May 14 13:00 GMT
Version 1.1: