Advisory: Cisco IOS HTTP client DoS
October 18, 2011
There is a problem with the HTTP client implementation on Cisco IOS. If an administrator loads an application service via these commands:
router#config Configuring from terminal, memory, or network [terminal]? Enter configuration commands, one per line. End with CNTL/Z. router(config)#application router(config-app)#service name http://ip_address/ router(config-app-param)#end
and the HTTP server responds with a special crafted HTTP response, the device will crash.
The vulnerability has been detected in a wide branch of Cisco IOS.
Jaime Blasco, Alienvault Labs