Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1546 |
Message | WEB-MISC Cisco /%% DOS attempt |
Summary | This event is generated when an attempt is made to issue a denial of service attack against a Cisco router or switch. |
Impact | If successful, the router will hang for two minutes, then reboot. Under certain circumstances, the router will hang until power cycled manually. |
Detailed Information | The HTTP server that is part of some versions of the Cisco IOS software has a bug that causes it to enter an infinite loop when handling a request for "/%%". |
Affected Systems | The following Cisco products can be affected. Whether they actually are vulnerable or not depends on the version of IOS that they are running. To properly determine if your product is vulnerable, see the Cisco website referenced below. Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900, 1000, 2500, 2600, 3000, 3600, 3800, 4000, 4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7200, ubr7200, 7500, and 12000 series. Most recent versions of the LS1010 ATM switch. The Catalyst 6000 if it is running IOS. Some versions of the Catalyst 2900XL and 3500XL LAN switches. The Cisco DistributedDirector. |
Attack Scenarios | This attack creates a denial of service. |
Ease of Attack | Very easy. |
Corrective Action | Turn off the web server functionality, use access lists to ensure only trusted hosts have access to the device, or upgrade your version of IOS. |
Additional References | Cisco http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml |
Rule References | bugtraq: 1154 cve: 2000-0380 nessus: 10387 |
--
DID:875503
--
http://www.aanval.com/