Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cisco HTTP IOS Vuln Clarification

From: Pawel Krawczyk <kravietz () aba krakow pl>
Date: Tue, 13 Nov 2001 08:07:58 +0100
On Mon, Nov 12, 2001 at 11:48:46AM -0800, Josha Bronson wrote:


Can anyone clarify whether or not a server may be vulnerable only to a
subset of the numbers in the range? Meaning that "/level/17/exec/" may
work to access the system but "/level/99/exec/" may not. Or is it the
nature of this vulnerability that if a system is accessible via one URL
than it would be accessible via all?
On the systems I've tested they all work.


Exactly the same we got, the tested network was quite homogenic as
it comes to IOS revisions however. All the switches had HTTP enabled,
and all were vulnerable.

-- 
Paweł Krawczyk *** home: <http://ceti.pl/~kravietz/>
security: <http://ipsec.pl/>  *** fidonet: 2:486/23

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: