Vulnerability CVE-2007-0962


Published: 2007-02-15   Modified: 2012-02-12

Description:
Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allow remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software:
Cisco -> Asa 5500 
Cisco -> Firewall services module 
Cisco -> Pix firewall 
Cisco -> Pix firewall software 

References:
http://securitytracker.com/id?1017651
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml
http://www.securityfocus.com/bid/22561
http://www.securityfocus.com/bid/22562
http://www.securitytracker.com/id?1017652
http://www.vupen.com/english/advisories/2007/0608
https://exchange.xforce.ibmcloud.com/vulnerabilities/32486

Copyright 2024, cxsecurity.com
