This script is (C) 2010-2016 Tenable Network Security, Inc.
Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A defect in multiple releases of Cisco IOS software will cause a Cisco
router or switch to halt and reload if the IOS HTTP service is enabled
and browsing to "http://<router-ip>/%%" is attempted. This defect can
be exploited to produce a denial of service (DoS) attack. This defect
has been discussed on public mailing lists and should be considered

The vulnerability, identified as Cisco bug ID CSCdr36952, affects
virtually all mainstream Cisco routers and switches running Cisco IOS
software releases 11.1 through 12.1, inclusive. The vulnerability has
been corrected and Cisco is making fixed releases available to replace
all affected IOS releases. Customers are urged to upgrade to releases
that are not vulnerable to this defect as shown in detail below.

The vulnerability can be mitigated by disabling the IOS HTTP server,
using an access-list on an interface in the path to the router to
prevent unauthorized network connections to the HTTP server, or
applying an access-class option directly to the HTTP server itself. The
IOS HTTP server is enabled by default only on Cisco 1003, 1004, and
1005 routers that are not configured. In all other cases, the IOS HTTP
server must be explicitly enabled for this defect to be exploitable.
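
An added example, not part of the plugin or the Cisco advisory: a Python check that reads an IOS running-config and reports whether the HTTP server is enabled and whether an access-class restricts it. The sample configs, hostnames, ACL number and result labels are constructed for illustration; it does not assess interface ACLs in the path to the router.

```python
import re

# Constructed sample running-configs (not taken from the advisory).
SAMPLE_EXPOSED = """\
hostname edge-rtr-1
ip http server
"""
SAMPLE_RESTRICTED = """\
hostname edge-rtr-2
ip http server
ip http access-class 10
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny any
"""
SAMPLE_DISABLED = """\
hostname edge-rtr-3
no ip http server
"""


def audit_http_server(config: str) -> str:
    """Classify IOS HTTP server exposure from running-config text."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Only an explicit 'ip http server' line is treated as enabled. Assumption:
    # the config is from a configured device, so the 1003/1004/1005
    # unconfigured default described above does not apply.
    if "ip http server" not in lines:
        return "disabled"
    acl = None
    for ln in lines:
        m = re.fullmatch(r"ip http access-class (\d+)", ln)
        if m:
            acl = m.group(1)
    if acl is None:
        return "enabled-unrestricted"
    # An access-class only helps if the ACL it names is actually defined.
    defined = any(re.match(rf"access-list {acl}\s", ln) for ln in lines)
    return "enabled-restricted" if defined else "enabled-acl-missing"


if __name__ == "__main__":
    for name, cfg in [("exposed", SAMPLE_EXPOSED),
                      ("restricted", SAMPLE_RESTRICTED),
                      ("disabled", SAMPLE_DISABLED)]:
        print(name, "->", audit_http_server(cfg))
```

A result of `enabled-unrestricted` or `enabled-acl-missing` marks a device where none of the HTTP-server mitigations above can be confirmed from the config alone.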

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.1
CVSS Temporal Score : 6.7
Public Exploit Available : true

Nessus Plugin ID: 48949 (cisco-sa-20000514-ios-http-serverhttp.nasl)
Bugtraq ID: 1154
CVE ID: CVE-2000-0380