CVE-2000-0984
CVSS5.0
发布时间 :2000-12-19 00:00:00
修订时间 :2008-09-10 15:06:16
NMCOE    

[原文]The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.


[CNNVD]Cisco IOSHTTP服务器漏洞(CNNVD-200012-175)

        Cisco IOS 12.0到12.1版本中的HTTP服务器存在漏洞。本地用户可以借助含有"?/"字符串的URL导致服务拒绝(崩溃和重装)。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:cisco:ios:12.1ecCisco IOS 12.1EC
cpe:/o:cisco:ios:12.1xeCisco IOS 12.1XE
cpe:/o:cisco:ios:12.1xdCisco IOS 12.1XD
cpe:/o:cisco:ios:12.0xaCisco IOS 12.0XA
cpe:/o:cisco:ios:12.1xpCisco IOS 12.1XP
cpe:/o:cisco:ios:12.1tCisco IOS 12.1T
cpe:/o:cisco:ios:12.0xhCisco IOS 12.0XH
cpe:/o:cisco:ios:12.1daCisco IOS 12.1DA
cpe:/o:cisco:ios:12.1xfCisco IOS 12.1XF
cpe:/o:cisco:ios:12.1xhCisco IOS 12.1XH
cpe:/o:cisco:ios:12.1xaCisco IOS 12.1XA
cpe:/o:cisco:ios:12.1xjCisco IOS 12.1XJ
cpe:/o:cisco:ios:12.1xbCisco IOS 12.1XB
cpe:/o:cisco:ios:12.1aaCisco IOS 12.1AA
cpe:/o:cisco:ios:12.1xgCisco IOS 12.1XG
cpe:/o:cisco:ios:12.0tCisco IOS 12.0T
cpe:/o:cisco:ios:12.0w5Cisco IOS 12.0W5
cpe:/o:cisco:ios:12.1dbCisco IOS 12.1DB
cpe:/o:cisco:ios:12.1dcCisco IOS 12.1DC
cpe:/o:cisco:ios:12.1xlCisco IOS 12.1XL
cpe:/o:cisco:ios:12.1xiCisco IOS 12.1XI
cpe:/o:cisco:ios:12.1xcCisco IOS 12.1XC
cpe:/o:cisco:ios:12.0xeCisco IOS 12.0XE
cpe:/o:cisco:ios:12.0xjCisco IOS 12.0XJ

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:5918Cisco IOS HTTP Server Query Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0984
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0984
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200012-175
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/1838
(VENDOR_ADVISORY)  BID  1838
http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
(VENDOR_ADVISORY)  CISCO  20001025 Cisco IOS HTTP Server Query Vulnerability
http://xforce.iss.net/xforce/xfdb/5412
(UNKNOWN)  XF  cisco-ios-query-dos(5412)

- 漏洞信息

Cisco IOSHTTP服务器漏洞
中危 未知
2000-12-19 00:00:00 2005-10-12 00:00:00
远程  
        Cisco IOS 12.0到12.1版本中的HTTP服务器存在漏洞。本地用户可以借助含有"?/"字符串的URL导致服务拒绝(崩溃和重装)。

- 公告与补丁

        

- 漏洞信息 (20323)

Cisco IOS 12 Software "?/" HTTP Request DoS Vulnerability (EDBID:20323)
hardware remote
2000-10-25 Verified
0 Alberto Solino
N/A [点击下载]
source: http://www.securityfocus.com/bid/1838/info


Cisco devices running IOS software may be prone to a denial of service attack if a URL containing a question mark followed by a slash (?/) is requested. The device will enter an infinite loop when supplied with a URL containing a "?/" and an enable password. Subsequently, the router will crash in two minutes after the watchdog timer has expired and will then reload. In certain cases, the device will not reload and a restart would be required in order to regain normal functionality.

This vulnerability is restricted to devices that do not have the enable password set or if the password is known or can be easily predicted. The vulnerable service is only on by default in the Cisco 1003, 1004 and 1005 routers. 

Users can identify vulnerable or invulnerable devices running IOS by logging onto the device and issuing the ?show version? command. If IOS is running on a vulnerable device the command will return ?Internetwork Operating System Software? or ?IOS (tm)? with a version number.

Vulnerable IOS software may be found on the following Cisco devices:

*Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900, 1000, 1400, 1500, 1600, 1700, 2500, 2600, 3000, 3600, 3800, 4000, 4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7200, ubr7200, 7500, and 12000 series.
*Recent versions of LS1010 ATM switch. 
*Catalyst 6000 with IOS.
*Catalyst 2900XL LAN switch with IOS.
*Cisco DistributedDirector.

http://target/anytext?/		

- 漏洞信息

6717
Cisco IOS HTTP Server ?/ String Handling Local DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Exploit Public

- 漏洞描述

Cisco devices running IOS software may be prone to a denial of service attack if a URL containing the question mark followed by a slash (?/) is requested. The device will enter an infinite loop when the supplied with the URL containing a "?/" and an enable password. Subequently, the router or switch will crash in two minutes after the watchdog timer has expired and will then reload. In certain cases the device will not reload and restart. In such a case, however, a manual restart would be required to regain normal functionality.

- 时间线

2000-10-25 Unknow
2000-10-25 Unknow

- 解决方案

Upgrade to the version appropriate for your installation, as outlined in the vulnerable version matrix provided by Cisco. It is also possible to correct the flaw by implementing the following workaround(s): Disable the HTTP server on the IOS device, or apply an access control list to mitigate risk by reducing your exposure.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站