Bugtraq mailing list archives
Re: - Cisco IOS HTTP Server code injection/execution vulnerability-
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 30 Nov 2005 18:55:58 +0100
That's what makes this vulnerability so fun. There's no need of trick the victim, and you don't need to know the private address of the router, etc,etc... you only must wait until he/her visits the buffers dump page.
Visting the buffers dump page is not a common operation, especially among those who use HTTP to access their routers. Of course, a BUGTRAQ posting that describes a problem with the buffers page might have the desired effect. 8-)
Current thread:
- Re: - Cisco IOS HTTP Server code injection/execution vulnerability- Florian Weimer (Dec 01)
- <Possible follow-ups>
- Re: - Cisco IOS HTTP Server code injection/execution vulnerability- Mike Caudill (Dec 02)