Cisco IOS HTTP Server ?/ String Local DoS

high Nessus Plugin ID 10682

Synopsis

The remote switch has a denial of service vulnerability.

Description

It was possible to make the remote switch reboot by requesting:

GET /cgi-bin/view-source?/

A remote attacker may use this flaw to prevent your network from working properly.

Solution

Upgrade to the latest version of IOS, or implement one of the workarounds listed in Cisco's advisory.

See Also

http://www.nessus.org/u?8cb9966d

Plugin Details

Severity: High

ID: 10682

File Name: cisco-view-source-dos.nasl

Version: 1.39

Type: remote

Family: CISCO

Published: 5/29/2001

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/25/2000

Vulnerability Publication Date: 10/25/2000

Reference Information

CVE: CVE-2000-0984

BID: 1838