This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
A vulnerability exists in the IOS HTTP server in which HTML code
inserted into dynamically-generated output, such as the output from a
show buffers command, will be passed to the browser requesting the
page. This HTML code could be interpreted by the client browser and
potentially execute malicious commands against the device or enable
other cross-site scripting attacks. Successful exploitation
of this vulnerability requires that a user browse a page containing
dynamic content in which HTML commands have been injected.
Cisco will be making free software available to address this
vulnerability for affected customers. There are workarounds available
to mitigate the effects of the vulnerability.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Nessus Plugin ID: 48991 (cisco-sa-20051201-httphttp.nasl)
Bugtraq ID: 15602
CVE ID: CVE-2005-3921