Signature Detail

DOS: Cisco IOS httpd DoS

This signature detects attempts to exploit a known vulnerability in Cisco IOS. Versions prior to 11.0, 11.2.8SA1, 12.1(1a)T1, and 12.1(1.3)T are susceptible. Attackers can remotely request URLs containing the %% string from the IP HTTP server, causing a denial of service condition.

Extended Description

A denial of service attack exists in versions of Cisco IOS, running on a variety of different router hardware. If the router is configured to have a web server running for configuration and other information a user can cause the router to crash.

Affected Products

• Cisco IOS 11.1
• Cisco IOS 11.2
• Cisco IOS 11.2.10
• Cisco IOS 11.2.10BC
• Cisco IOS 11.2(17)
• Cisco IOS 11.2.4F1
• Cisco IOS 11.2.8
• Cisco IOS 11.2.8P
• Cisco IOS 11.2.9P
• Cisco IOS 11.2.9XA
• Cisco IOS 11.2P
• Cisco IOS 11.3
• Cisco IOS 11.3.1
• Cisco IOS 11.3.1ED
• Cisco IOS 11.3.1T
• Cisco IOS 11.3T
• Cisco IOS 12.0
• Cisco IOS 12.0.1W
• Cisco IOS 12.0.1XA3
• Cisco IOS 12.0.1XB
• Cisco IOS 12.0.1XE
• Cisco IOS 12.0.2
• Cisco IOS 12.0.2XC
• Cisco IOS 12.0.2XD
• Cisco IOS 12.0.2XF
• Cisco IOS 12.0.2XG
• Cisco IOS 12.0.3T2
• Cisco IOS 12.0.4
• Cisco IOS 12.0.4S
• Cisco IOS 12.0.4T
• Cisco IOS 12.0.5
• Cisco IOS 12.0(5)T1
• Cisco IOS 12.0.6
• Cisco IOS 12.0.7
• Cisco IOS 12.0(7)T
• Cisco IOS 12.0(8)
• Cisco IOS 12.0(9)S
• Cisco IOS 12.0DB
• Cisco IOS 12.0S
• Cisco IOS 12.0T

References

• BugTraq: 1154
• CVE: CVE-2000-0380
• URL: http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml