Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: - Cisco IOS HTTP Server code injection/execution vulnerability-
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 30 Nov 2005 18:55:58 +0100

That's what makes this vulnerability so fun. There's no need of
trick the victim, and you don't need to know the private address of
the router, etc,etc... you only must wait until he/her visits the
buffers dump page.

Visting the buffers dump page is not a common operation, especially
among those who use HTTP to access their routers.

Of course, a BUGTRAQ posting that describes a problem with the buffers
page might have the desired effect. 8-)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]