Name: Cisco.Malformed.URL
Released Date: Sep 11 2006
Severity: critical
CVE: 2001-0537
Bugtraq: 2936



In-Depth Analysis

Description
This indicates an authentication vulnerability in the HTTP server of a device running Cisco Internetwork Operating System (IOS).

IOS is an operating system that runs on a variety of products from Cisco Systems. Due to an error in the local authentication database, an attacker can send a malformed Uniform Resource Locator (URL) to a vulnerable IOS device running the HTTP server. Successful exploitation allows the attacker to execute arbitrary code on the affected machine.
 
Impact
An attacker can execute arbitrary commands on affected systems and cause a denial of service.
 
Affected Products
Cisco IOS versions 11.3 and later
Aliases
Cisco.Malformed.URL
References
http://www.securityfocus.com/bid/2936
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0537
http://www.kb.cert.org/vuls/id/812515
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
http://www.cert.org/advisories/CA-2001-14.html
Recommended Actions
Disable HTTP server

Apply appropriate patches or upgrade the system to the latest non-vulnerable version
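
To check the first recommended action across saved configurations, the following added example (not part of the original entry or any vendor tooling) audits IOS running-config text for the HTTP server state and its authentication method. The function name and sample configurations are constructed for illustration; `ip http server`, `no ip http server` and `ip http authentication` are standard IOS configuration commands.

```python
import re

# Constructed sample running-config excerpts (not taken from any real device).
SAMPLE_EXPOSED = """\
hostname edge-rtr-01
ip http server
ip http authentication local
"""

SAMPLE_HARDENED = """\
hostname edge-rtr-02
no ip http server
"""


def audit_http_server(config_text):
    """Report HTTP server state and auth method found in an IOS config.

    http_server is 'enabled', 'disabled', or 'not-stated' when the config
    has no explicit line (platform defaults differ, so verify on the device).
    """
    server = "not-stated"
    auth = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ip http server":
            server = "enabled"
        elif line == "no ip http server":
            server = "disabled"
        else:
            match = re.match(r"ip http authentication (\S+)", line)
            if match:
                auth = match.group(1)

    findings = []
    if server == "enabled":
        findings.append("HTTP server enabled; disable with 'no ip http server'")
        if auth == "local":
            # The entry attributes the flaw to the local authentication database.
            findings.append("HTTP authentication uses the local database")
    return {"http_server": server, "http_auth": auth, "findings": findings}


if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_http_server(cfg))
```

A result of `not-stated` means the configuration has no explicit line either way, so the state should be confirmed on the device itself.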

 
 