A vulnerability that exists in Cisco's IOS HTTP server
Cisco on Friday reissued a security advisory originally released to the public in December, 2005.
The advisory concerns a vulnerability that exists in the IOS HTTP server in which HTML code from output such as a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser to potentially execute malicious commands. There are currently no patches available to fix the problem. Recommended workarounds include disabling the WEB_EXEC service while still leaving other HTTP services active.
See Cisco Security Advisory: IOS HTTP Server Command Injection Vulnerability for more information.
– Posted by Cisco Subnet editor Julie Bort.
More from Cisco Subnet:
Win training and books from Cisco SubnetCisco Alert newsletter. Like RSS readers? Subscribe to the Cisco Subnet RSS feed
- Cisco expected to be more aggressive after Q1 share losses
- Is Avaya about to distance itself from Cisco?
- 3Com bests Cisco in school upgrade
- Cisco rival Nortel liquidating assets
- Cisco selling refurbished Linksys directly to end users
- Security Updates plus 46 Security fixes – iPhone Is Enterprise Ready Now!?
- Does Cisco use its WAAS in its own network?
Like e-mail? Subscribe to the
Follow Cisco Subnet on Twitter.




