Advisory: Cisco IOS HTTP client DoS

October 18, 2011 | Jaime Blasco

DESCRIPTION:

There is a problem with the HTTP client implementation on Cisco IOS. If an administrator loads an application service via these commands:

router#config

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line.  End with CNTL/Z.

router(config)#application

router(config-app)#service name http://ip_address/

router(config-app-param)#end

and the HTTP server responds with a special crafted HTTP response, the device will crash.

AFFECTED VERSIONS:

The vulnerability has been detected in a wide branch of Cisco IOS.

VENDOR RESPONSE:

http://tools.cisco.com/security/center/viewAlert.x?alertId=24436

CREDITS:

Jaime Blasco, Alienvault Labs

Tags: vulnerability, cisco, ios, advisory

Cyber Strategy

Risk and Compliance

Vulnerability and Threat Management

CSO Advisory Services

Network Security

Threat Detection

Endpoint Security

AT&T Trusted Internet Access

AT&T Infrastructure and Application Protection

Endpoint Security

AT&T Threat Solutions

Compliance

Industry

Environment

Security Use Cases

Channel Partners

Technology Partners

Product Resources

Security Resources

Customer Resources

Browse by Topic

Advisory: Cisco IOS HTTP client DoS

Devin Morrissey

Cyber Strategy

Risk and Compliance

Vulnerability and Threat Management

CSO Advisory Services

Network Security

Threat Detection

Endpoint Security

AT&T Trusted Internet Access

AT&T Infrastructure and Application Protection

Endpoint Security

AT&T Threat Solutions

Compliance

Industry

Environment

Security Use Cases

Channel Partners

Technology Partners

Product Resources

Security Resources

Customer Resources

Browse by Topic

Advisory: Cisco IOS HTTP client DoS

Share this with others

Featured resources