Cisco 645 http get Denial of Service 1.5
 
Plugin ID25
Plugin nameCisco 645 http get Denial of Service
Plugin filenameCisco 675 http get Denial of Service.plugin
Plugin filesize3169 bytes
Plugin familyNetwork devices
Plugin created nameMarc Ruef
Plugin created emailmarc dot ruef at computec dot ch
Plugin created webhttp://www.computec.ch
Plugin created companycomputec.ch
Plugin created date2003/11/14
Plugin updated nameMarc Ruef
Plugin updated emailmarc dot ruef at computec dot ch
Plugin updated webhttp://www.computec.ch
Plugin updated companycomputec.ch
Plugin updated date2004/11/13
Plugin version1.5
Plugin changelogCorrected the plugin structure and added the accuracy values in 1.5
Plugin protocoltcp
Plugin port80
Plugin procedure exploitopen|send GET ?\n\n|sleep 5|close|icmp_alive
Plugin exploit accuracy50
Plugin commentUsing this plugin can cause a denial of service of affected systems. Use this plugin with cause.
Bug advisoryhttp://online.securityfocus.com/archive/1/147562
Bug produced nameCisco Systems
Bug produced emailinfo at cisco dot com
Bug produced webhttp://www.cisco.com
Bug affectedCisco 645
Bug not affectedOther Cisco and network devices
Bug vulnerability classDenial Of Service
Bug descriptionThe Cisco 675 is vulnerable to a remote Denial of Service attack. An attacker may crash the device by sending the HTTP request "GET ?" to the HTTP port tcp/80 of the router. You need to reboot the device to make it work again.
Bug solutionUpgrade your Cisco firmware and filter incoming traffic on port tcp/80. As workaround (disabling the web service) you could add the rule "set web disabled", "write" and "reboot" into your device.
Bug fixing time20 minutes
Bug exploit availabilityYes
Bug exploit urlhttp://www.nessus.org
Bug remoteYes
Bug localNo
Bug severityHigh
Bug popularity7
Bug simplicity8
Bug impact8
Bug risk7
Bug Nessus riskHigh
Bug check toolsNessus is also able to do the same check.
Source CVECVE-2001-0058
Source OSVDB ID460
Source Nessus ID10561
Source ISS X-Force ID5626
Source LiteratureHacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.http://www.cisco.com/warp/public/707/CBOS-multiple.shtml

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.