jim_duffy
Managing Editor

Cisco Security warns of IOS HTTP hole with no patch

Analysis
Jun 23, 20091 min

A vulnerability that exists in Cisco's IOS HTTP server

Cisco on Friday reissued a security advisory originally released to the public in December, 2005.

The advisory concerns a vulnerability that exists in the IOS HTTP server in which HTML code from output such as a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser to potentially execute malicious commands. There are currently no patches available to fix the problem. Recommended workarounds include disabling the WEB_EXEC service while still leaving other HTTP services active.

See Cisco Security Advisory: IOS HTTP Server Command Injection Vulnerability for more information.

– Posted by Cisco Subnet editor Julie Bort.

More from Cisco Subnet:

  • Cisco expected to be more aggressive after Q1 share losses
  • Is Avaya about to distance itself from Cisco?
  • 3Com bests Cisco in school upgrade
  • Cisco rival Nortel liquidating assets
  • Cisco selling refurbished Linksys directly to end users
  • Security Updates plus 46 Security fixes – iPhone Is Enterprise Ready Now!?
  • Does Cisco use its WAAS in its own network?
Win training and books from Cisco SubnetCisco Alert newsletter. Like RSS readers? Subscribe to the Cisco Subnet RSS feed

Like e-mail? Subscribe to the

Follow Cisco Subnet on Twitter.