ID

VAR-200004-0061


CVE

CVE-2000-0380


TITLE

Cisco IOS software vulnerable to DoS via HTTP request containing "%%"

Trust: 0.8

sources: CERT/CC: VU#24346

DESCRIPTION

The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. There is a denial-of-service vulnerability in several Cisco switch and router products which allows an attacker to force affected devices to crash and reboot. If the router is configured to run a web server for configuration and other information, a user can cause the router to crash. Cisco IOS is the operating system that runs on a wide range of Cisco Systems network devices. Remote attackers may use this vulnerability to carry out denial-of-service attacks on the device. Some routers will automatically restart, while others must be manually powered off and on to restore the router to normal operation.

Trust: 2.07

sources: NVD: CVE-2000-0380 // CERT/CC: VU#24346 // BID: 1154 // VULHUB: VHN-1959 // VULMON: CVE-2000-0380

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: 11.2

Trust: 1.9

vendor: cisco, model: ios, scope: eq, version: 11.1

Trust: 1.9

vendor: cisco, model: ios, scope: eq, version: 11.2(8)

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 11.2(17)

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 11.2(4)f1

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 11.2(10)

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 11.2(8)p

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 11.2(9)xa

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 11.2(10)bc

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 11.2(9)p

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.0

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 11.3

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 11.2p

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 11.3(1)ed

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(6)

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(2)

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(4)s

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(9)s

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 11.3(1)

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(1)xe

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(2)xd

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(1)w

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(2)xf

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 11.3(1)t

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(1)xa3

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(5)

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(2)xc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0db

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(3)t2

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(7)t

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0s

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(4)t

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(8)

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(2)xg

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(1)xb

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(5)t1

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(4)

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 11.3t

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0t

Trust: 1.0

vendor: cisco, model: -, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios, scope: eq, version: 12.0.7

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 12.0.6

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 12.0.5

Trust: 0.3

vendor: cisco, model: ios t, scope: eq, version: 12.0.4

Trust: 0.3

vendor: cisco, model: ios s, scope: eq, version: 12.0.4

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 12.0.4

Trust: 0.3

vendor: cisco, model: ios t2, scope: eq, version: 12.0.3

Trust: 0.3

vendor: cisco, model: ios xg, scope: eq, version: 12.0.2

Trust: 0.3

vendor: cisco, model: ios xf, scope: eq, version: 12.0.2

Trust: 0.3

vendor: cisco, model: ios xd, scope: eq, version: 12.0.2

Trust: 0.3

vendor: cisco, model: ios xc, scope: eq, version: 12.0.2

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 12.0.2

Trust: 0.3

vendor: cisco, model: ios xe, scope: eq, version: 12.0.1

Trust: 0.3

vendor: cisco, model: ios xb, scope: eq, version: 12.0.1

Trust: 0.3

vendor: cisco, model: ios xa3, scope: eq, version: 12.0.1

Trust: 0.3

vendor: cisco, model: ios w, scope: eq, version: 12.0.1

Trust: 0.3

vendor: cisco, model: ios t, scope: eq, version: 11.3.1

Trust: 0.3

vendor: cisco, model: ios ed, scope: eq, version: 11.3.1

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 11.3.1

Trust: 0.3

vendor: cisco, model: ios bc, scope: eq, version: 11.2.10

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 11.2.10

Trust: 0.3

vendor: cisco, model: ios xa, scope: eq, version: 11.2.9

Trust: 0.3

vendor: cisco, model: ios p, scope: eq, version: 11.2.9

Trust: 0.3

vendor: cisco, model: ios p, scope: eq, version: 11.2.8

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 11.2.8

Trust: 0.3

vendor: cisco, model: ios f1, scope: eq, version: 11.2.4

Trust: 0.3

vendor: cisco, model: ios 12.0t, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0db, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0 s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 12.0(8)

Trust: 0.3

vendor: cisco, model: ios 12.0 t, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0 t1, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 11.3t, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 11.2p, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 11.2(17)

Trust: 0.3

vendor: cisco, model: ios sa1, scope: ne, version: 11.2.8

Trust: 0.3

vendor: cisco, model: ios 12.1 t1, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1 t, scope: ne, version: -

Trust: 0.3

vendor: cisco, model: ios, scope: ne, version: 11.0

Trust: 0.3

sources: CERT/CC: VU#24346 // BID: 1154 // CNNVD: CNNVD-200004-074 // NVD: CVE-2000-0380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0380
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#24346
value: 11.25

Trust: 0.8

CNNVD: CNNVD-200004-074
value: HIGH

Trust: 0.6

VULHUB: VHN-1959
value: HIGH

Trust: 0.1

VULMON: CVE-2000-0380
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2000-0380
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-1959
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#24346 // VULHUB: VHN-1959 // VULMON: CVE-2000-0380 // CNNVD: CNNVD-200004-074 // NVD: CVE-2000-0380

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-1959 // NVD: CVE-2000-0380

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200004-074

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200004-074

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1959 // VULMON: CVE-2000-0380

EXTERNAL IDS

db: BID, id: 1154

Trust: 2.9

db: NVD, id: CVE-2000-0380

Trust: 1.8

db: OSVDB, id: 1302

Trust: 1.8

db: CERT/CC, id: VU#24346

Trust: 0.9

db: CNNVD, id: CNNVD-200004-074

Trust: 0.7

db: CISCO, id: 20000514 CISCO IOS HTTP SERVER VULNERABILITY

Trust: 0.6

db: NSFOCUS, id: 483

Trust: 0.6

db: BUGTRAQ, id: 20000426 CISCO HTTP POSSIBLE BUG:

Trust: 0.6

db: EXPLOIT-DB, id: 19882

Trust: 0.2

db: SEEBUG, id: SSVID-73790

Trust: 0.1

db: VULHUB, id: VHN-1959

Trust: 0.1

db: VULMON, id: CVE-2000-0380

Trust: 0.1

sources: CERT/CC: VU#24346 // VULHUB: VHN-1959 // VULMON: CVE-2000-0380 // BID: 1154 // CNNVD: CNNVD-200004-074 // NVD: CVE-2000-0380

REFERENCES

url:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml

Trust: 3.9

url:http://www.securityfocus.com/bid/1154

Trust: 3.6

url:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html

Trust: 2.8

url:http://www.osvdb.org/1302

Trust: 2.8

url:http://www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml

Trust: 0.8

url:http://www.nsfocus.net/vulndb/483

Trust: 0.6

url:http://www.cisco.com/warp/public/707/sec_incident_response.shtml

Trust: 0.3

url: -

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/modules/auxiliary/dos/cisco/ios_http_percentpercent

Trust: 0.1

url:https://www.exploit-db.com/exploits/19882/

Trust: 0.1

url:https://www.kb.cert.org/vuls/id/24346

Trust: 0.1

sources: CERT/CC: VU#24346 // VULHUB: VHN-1959 // VULMON: CVE-2000-0380 // BID: 1154 // CNNVD: CNNVD-200004-074 // NVD: CVE-2000-0380

CREDITS

Keith Woodworth (kwoody@citytel.net)

Trust: 0.6

sources: CNNVD: CNNVD-200004-074

SOURCES

db: CERT/CC, id: VU#24346
db: VULHUB, id: VHN-1959
db: VULMON, id: CVE-2000-0380
db: BID, id: 1154
db: CNNVD, id: CNNVD-200004-074
db: NVD, id: CVE-2000-0380

LAST UPDATE DATE

2024-11-22T23:15:57.560000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#24346, date: 2004-03-30T00:00:00
db: VULHUB, id: VHN-1959, date: 2008-09-10T00:00:00
db: VULMON, id: CVE-2000-0380, date: 2008-09-10T00:00:00
db: BID, id: 1154, date: 2000-04-26T00:00:00
db: CNNVD, id: CNNVD-200004-074, date: 2005-07-27T00:00:00
db: NVD, id: CVE-2000-0380, date: 2024-11-20T23:32:22.360

SOURCES RELEASE DATE

db: CERT/CC, id: VU#24346, date: 2000-11-09T00:00:00
db: VULHUB, id: VHN-1959, date: 2000-04-26T00:00:00
db: VULMON, id: CVE-2000-0380, date: 2000-04-26T00:00:00
db: BID, id: 1154, date: 2000-04-26T00:00:00
db: CNNVD, id: CNNVD-200004-074, date: 2000-04-26T00:00:00
db: NVD, id: CVE-2000-0380, date: 2000-04-26T04:00:00