published date: August 27, 2003

CVE-2003-0647 : Buffer Overflow Vulnerability

Description

Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.

Product(s):

Cisco IOS
Cisco IOS 1.6.0.0
Cisco IOS 1.8.0
Cisco IOS 10.0
Cisco IOS 10.3
Cisco IOS 10.3.16
Cisco IOS 10.3.19 a
Cisco IOS 10.3.3 .3
Cisco IOS 10.3.3.4
Cisco IOS 10.3.4 .2
Cisco IOS 10.3.4 .3
Cisco IOS 11.0.12 (a)BT
Cisco IOS 11.0
Cisco IOS 11.0.12
Cisco IOS 11.0.17
Cisco IOS 11.0.17 BT
Cisco IOS 11.0 (18)
Cisco IOS 11.0.20.3
Cisco IOS 11.0 (22a)
Cisco IOS 11.0 (22b)
Cisco IOS 11.0 .x
Cisco IOS 11.1
Cisco IOS 11.1(11)
Cisco IOS 11.1(12)
Cisco IOS 11.1.13
Cisco IOS 11.1.13 AA
Cisco IOS 11.1.13 CA
Cisco IOS 11.1.13 IA
Cisco IOS 11.1(14)
Cisco IOS 11.1.15
Cisco IOS 11.1.15 AA
Cisco IOS 11.1.15 CA
Cisco IOS 11.1.15 IA
Cisco IOS 11.1(16)
Cisco IOS 11.1.16 AA
Cisco IOS 11.1.16 IA
Cisco IOS 11.1(17)
Cisco IOS 11.1.17 CC
Cisco IOS 11.1.17 CT
Cisco IOS 11.1(18)
Cisco IOS 11.1 (20)AA4
Cisco IOS 11.1(22)
Cisco IOS 11.1(24)
Cisco IOS 11.1 (24a)
Cisco IOS 11.1 (24b)
Cisco IOS 11.1 (24c)
Cisco IOS 11.1 (28a)CT
Cisco IOS 11.1 (28a)IA
Cisco IOS 11.1 (36)CA2
Cisco IOS 11.1 (36)CA4
Cisco IOS 11.1 (36)CC2
Cisco IOS 11.1 (36)CC4
Cisco IOS 11.1(5)
Cisco IOS 11.1.7
Cisco IOS 11.1.7 AA
Cisco IOS 11.1.7 CA
Cisco IOS 11.1.9 IA
Cisco IOS 11.1 AA
Cisco IOS 11.1 CA
Cisco IOS 11.1CC
Cisco IOS 11.1CT
Cisco IOS 11.1 IA
Cisco IOS 11.2
Cisco IOS 11.2.10
Cisco IOS 11.2.10 BC
Cisco IOS 11.2(11)
Cisco IOS 11.2 (11b)T2
Cisco IOS 11.2(14)GS2
Cisco IOS 11.2(15)G
Cisco IOS 11.2(15a)P
Cisco IOS 11.2 (15b)
Cisco IOS 11.2(16)
Cisco IOS 11.2(16)P
Cisco IOS 11.2(17)
Cisco IOS 11.2(18)
Cisco IOS 11.2 (19)GS0.2
Cisco IOS 11.2 (19a)GS6
Cisco IOS 11.2 (23a)BC1
Cisco IOS 11.2 (26)P2
Cisco IOS 11.2 (26)P5
Cisco IOS 11.2 (26a)
Cisco IOS 11.2 (26b)
Cisco IOS 11.2 (26e)
Cisco IOS 11.2.4
Cisco IOS 11.2.4 F1
Cisco IOS 11.2.4 F
Cisco IOS 11.2 (4)XA
Cisco IOS 11.2 (4)XAf
Cisco Catalyst 2900 11.2 (8.2)SA6
Cisco IOS 11.2 (8.9)SA6
Cisco IOS 11.2.8
Cisco IOS 11.2.8 P
Cisco IOS 11.2.8 SA1
Cisco IOS 11.2.8 SA3
Cisco IOS 11.2.8 SA5
Cisco IOS 11.2.9 P
Cisco IOS 11.2.9 XA
Cisco IOS 11.2 BC
Cisco IOS 11.2 F
+1708 additional

CVSS:7.5 [Critical]
EPSS:8.61%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2003-0647, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2003-0647 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2003-0647

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales