mailing list archives
Re: - Cisco IOS HTTP Server code injection/execution vulnerability-
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 30 Nov 2005 18:55:58 +0100
That's what makes this vulnerability so fun. There's no need of
trick the victim, and you don't need to know the private address of
the router, etc,etc... you only must wait until he/her visits the
buffers dump page.
Visting the buffers dump page is not a common operation, especially
among those who use HTTP to access their routers.
Of course, a BUGTRAQ posting that describes a problem with the buffers
page might have the desired effect. 8-)
- Re: - Cisco IOS HTTP Server code injection/execution vulnerability- Florian Weimer (Dec 01)