DESCRIPTION:
There is a problem with the HTTP client implementation on Cisco IOS. If an administrator loads an application service via these commands:
    router#config
    Configuring from terminal, memory, or network [terminal]?
    Enter configuration commands, one per line. End with CNTL/Z.
    router(config)#application
    router(config-app)#service name http://ip_address/
    router(config-app-param)#end
and the HTTP server responds with a specially crafted HTTP response, the device will crash.
AFFECTED VERSIONS:
The vulnerability has been detected across a wide range of Cisco IOS versions.
VENDOR RESPONSE:
http://tools.cisco.com/security/center/viewAlert.x?alertId=24436
CREDITS:
Jaime Blasco, Alienvault Labs