Description
Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.
Product(s):
- Cisco CatOS 5.4
- Cisco CatOS 5.5
- Cisco CatOS 5.5(13a)
- Cisco CatOS 6.1
- Cisco CatOS 6.1(2)
- Cisco CatOS 7.3
- Cisco CatOS 7.4
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2002-1222, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-1222 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.
References:
- http://webappsec.pbworks.com/Buffer-Overflow
- https://capec.mitre.org/data/definitions/10.html
- https://capec.mitre.org/data/definitions/100.html
- https://capec.mitre.org/data/definitions/123.html
- https://capec.mitre.org/data/definitions/14.html
- https://capec.mitre.org/data/definitions/24.html
- https://capec.mitre.org/data/definitions/42.html
- https://capec.mitre.org/data/definitions/44.html
- https://capec.mitre.org/data/definitions/45.html
- https://capec.mitre.org/data/definitions/46.html
- https://capec.mitre.org/data/definitions/47.html
- https://capec.mitre.org/data/definitions/8.html
- https://capec.mitre.org/data/definitions/9.html
- https://nvd.nist.gov/vuln/detail/CVE-2002-1222