Penetration Testing mailing list archives
Cisco HTTP IOS Vuln Clarification
From: Josha Bronson <dmuz () slartibartfast angrypacket com>
Date: Mon, 12 Nov 2001 11:48:46 -0800
Hi folks, Little question regarding the Cisco IOS HTTP Admin vuln that was released a while ago. As most of you probably know the vuln I won't discuss it. See <http://securityfocus.com/bid/2936>. Can anyone clarify whether or not a server may be vulnerable only to a subset of the numbers in the range? Meaning that "/level/17/exec/" may work to access the system but "/level/99/exec/" may not. Or is it the nature of this vulnerability that if a system is accessible via one URL than it would be accessible via all? On the systems I've tested they all work. Thanks for your help, there is just way to many revisions of IOS vulnerable to test them all, ;) -- josha.bronson(aka->dmuz) >> dmuz () angrypacket com networks/systems/security && CCNA, RHCE josha.net || dmuz.angrypacket.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Cisco HTTP IOS Vuln Clarification Josha Bronson (Nov 12)
- Re: Cisco HTTP IOS Vuln Clarification Pawel Krawczyk (Nov 13)
- Re: Cisco HTTP IOS Vuln Clarification Jim Duncan (Nov 13)