578 : Cisco IOS HTTP Unauthorized Administrative Access
Printer | http://osvdb.org/578 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
18	2186	over 9 years ago	over 3 years ago	1 times	65%

Timeline

Discovery Date	Disclosure Date	Exploit Publish Date
2001-06-27	2001-06-27	2001-07-02

Time to Exploit
5 days

Description

IOS contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when an attacker sends a specially crafted URL to the HTTP server. It is possible that the flaw may allow an attacker to gain administrative privileges resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Unknown or Incomplete

Solution

Cisco has released a patch to address this vulnerability.

Products

Cisco Systems, Inc.	IOS	11.3
		12.0
		12.1
		12.2

References

CVE ID: 2001-0537 (see also: NVD)
Bugtraq ID: 2936
ISS X-Force ID: 6749
CERT: CA-2001-14
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2001-06/0383.html
Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
Generic Exploit URL: http://www.securityfocus.com/archive/1/194709
CIAC Advisory: l-106

Tools & Filters

Nikto	1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 ... and 14 more
	10700
Snort	1250

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 9.3
Source: nvd.nist.gov | Generated: 2003-12-31 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.