Cisco security loophole in IOS

Cisco on Friday reissued a security advisory originally released to the public in December 2005.

The advisory concerns a vulnerability in the IOS HTTP server: HTML code contained in command output, such as the output of a show buffers command, is passed to the browser requesting the page. The client browser could interpret this HTML code and potentially execute malicious commands. There are currently no patches available to fix the problem. Recommended workarounds include disabling the WEB_EXEC service while still leaving other HTTP services active.

http://www.cisco.com/en/US/products/products_security_advisory09186a008059e470.shtml
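The workaround above can be checked across saved configurations. The following is an added example, not code from the original post or from Cisco's advisory: it reports, for each enabled HTTP server in a running-config, whether WEB_EXEC is still active. It assumes module selection appears through the IOS `ip http session-module-list` and `ip http [secure-]active-session-modules` commands; the config fragments, hostnames and list names are constructed.

```python
# Constructed sample running-config fragments (not taken from any real device).
EXPOSED = """hostname rtr-a
ip http server
ip http authentication local
"""
WORKAROUND = """hostname rtr-b
ip http server
ip http session-module-list no_webexec HOME_PAGE,HTTP_IFS
ip http active-session-modules no_webexec
"""
DISABLED = """hostname rtr-c
no ip http server
no ip http secure-server
"""

SERVERS = {  # server name -> (enable command, module-selection command prefix)
    "http": ("ip http server", "ip http active-session-modules "),
    "https": ("ip http secure-server", "ip http secure-active-session-modules "),
}
LIST_PREFIX = "ip http session-module-list "


def webexec_exposure(config: str) -> dict:
    """Map each enabled HTTP(S) server to True if WEB_EXEC is still active on it."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Collect named module lists: "<prefix><name> <MOD1,MOD2,...>"
    lists = {}
    for ln in lines:
        if ln.startswith(LIST_PREFIX):
            parts = ln[len(LIST_PREFIX):].split()
            if len(parts) == 2:
                lists[parts[0]] = set(parts[1].split(","))
    exposure = {}
    for name, (enable_cmd, select_prefix) in SERVERS.items():
        if enable_cmd not in lines:  # "no ip http server" is a different line
            continue
        selected = next((ln[len(select_prefix):].strip() for ln in lines
                         if ln.startswith(select_prefix)), "all")
        if selected == "none":
            exposure[name] = False
        elif selected == "all" or selected not in lists:
            exposure[name] = True  # default, or undefined list: assume exposed
        else:
            exposure[name] = "WEB_EXEC" in lists[selected]
    return exposure


if __name__ == "__main__":
    for label, cfg in (("exposed", EXPOSED), ("workaround", WORKAROUND), ("disabled", DISABLED)):
        print(label, webexec_exposure(cfg))
```

An empty result means neither HTTP server is enabled; a list name that is referenced but never defined is treated as exposed so that a typo in the config is not reported as a fix.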

This entry was posted on Saturday, June 27th, 2009 at 3:24 pm and is filed under cisco.