Cisco IOS HTTP Server Vulnerable to Arbitrary Command Execution and Cross-Site Scripting Attacks
A vulnerability exists in the HTTP server in Cisco products that run Cisco IOS that could be manipulated to execute commands against the device and might allow cross-site scripting attacks.
ITPro Today
December 4, 2005
1 Min Read
A vulnerability exists in the HTTP server in Cisco products that run Cisco IOS Software versions 11.0 through 12.4. The HTTP server dynamically generates code that could be manipulated to execute commands against the device and might allow cross-site scripting attacks. Cisco published an advisory, "IOS HTTP Server Command Injection Vulnerability," which explains that a working exploit already exists and recommends that administrators disable the HTTP server on affected devices until a patch is available.
About the Author
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
You May Also Like