Sign-up

ID

VAR-200208-0079


CVE

CVE-2002-0792


TITLE

Cisco Content Service Switch reboots when HTTPS POST request is sent to web management interface

Trust: 0.8

sources: CERT/CC: VU#330275

DESCRIPTION

The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. These switches run WebNS software. The attacker does not need to be authenticated to cause this condition to occur. The CSS 11000 series switches are known to be affected by this vulnerability. Since this issue occurs before authentication, any remote attacker without authentication can perform a denial of service attack

Trust: 2.97

sources: NVD: CVE-2002-0792 // CERT/CC: VU#330275 // CERT/CC: VU#686939 // BID: 4747 // BID: 4748 // VULHUB: VHN-5183

AFFECTED PRODUCTS

vendor:ciscomodel: - scope: - version: -

Trust: 1.6

vendor:ciscomodel:webnsscope:eqversion:5.0_1.012s

Trust: 1.6

vendor:ciscomodel:webnsscope:eqversion:5.0_2.005s

Trust: 1.6

vendor:ciscomodel:webnsscope:eqversion:5.1_0.0.10

Trust: 1.6

vendor:ciscomodel:webnsscope:eqversion:4.0_1.053s

Trust: 1.6

vendor:ciscomodel:webnsscope:eqversion:5.0_0.038s

Trust: 1.6

vendor:ciscomodel:content services switch 11000scope:eqversion:*

Trust: 1.0

vendor:ciscomodel:webnsscope:eqversion:5.10.0.10

Trust: 0.6

vendor:ciscomodel:webns 2.005sscope:eqversion:5.0

Trust: 0.6

vendor:ciscomodel:webns 1.012sscope:eqversion:5.0

Trust: 0.6

vendor:ciscomodel:webns 0.038sscope:eqversion:5.0

Trust: 0.6

vendor:ciscomodel:webns 1.053sscope:eqversion:4.0

Trust: 0.6

vendor:ciscomodel:content services switch 11000scope: - version: -

Trust: 0.6

sources: CERT/CC: VU#330275 // CERT/CC: VU#686939 // BID: 4747 // BID: 4748 // CNNVD: CNNVD-200208-139 // NVD: CVE-2002-0792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0792
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#330275
value: 16.88

Trust: 0.8

CARNEGIE MELLON: VU#686939
value: 12.66

Trust: 0.8

CNNVD: CNNVD-200208-139
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5183
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-0792
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5183
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#330275 // CERT/CC: VU#686939 // VULHUB: VHN-5183 // CNNVD: CNNVD-200208-139 // NVD: CVE-2002-0792

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0792

THREAT TYPE

network

Trust: 0.6

sources: BID: 4747 // BID: 4748

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.6

sources: BID: 4747 // BID: 4748

EXTERNAL IDS

db:BIDid:4747

Trust: 2.8

db:BIDid:4748

Trust: 2.8

db:CERT/CCid:VU#330275

Trust: 2.5

db:CERT/CCid:VU#686939

Trust: 2.5

db:NVDid:CVE-2002-0792

Trust: 2.3

db:CNNVDid:CNNVD-200208-139

Trust: 0.7

db:XFid:9083

Trust: 0.6

db:CISCOid:20020515 CONTENT SERVICE SWITCH WEB MANAGEMENT HTTP PROCESSING VULNERABILITIES

Trust: 0.6

db:VULHUBid:VHN-5183

Trust: 0.1

sources: CERT/CC: VU#330275 // CERT/CC: VU#686939 // VULHUB: VHN-5183 // BID: 4747 // BID: 4748 // CNNVD: CNNVD-200208-139 // NVD: CVE-2002-0792

REFERENCES

url:http://www.cisco.com/warp/public/707/css-http-post-pub.shtml

Trust: 4.3

url:http://www.securityfocus.com/bid/4747

Trust: 3.5

url:http://www.securityfocus.com/bid/4748

Trust: 3.5

url:http://www.kb.cert.org/vuls/id/330275

Trust: 2.7

url:http://www.kb.cert.org/vuls/id/686939

Trust: 2.7

url:http://www.iss.net/security_center/static/9083.php

Trust: 2.7

url:http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html

Trust: 0.6

sources: CERT/CC: VU#330275 // CERT/CC: VU#686939 // VULHUB: VHN-5183 // BID: 4747 // BID: 4748 // CNNVD: CNNVD-200208-139 // NVD: CVE-2002-0792

CREDITS

Cisco Systems Product Security Incident Response Team※ psirt@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200208-139

SOURCES

db:CERT/CCid:VU#330275
db:CERT/CCid:VU#686939
db:VULHUBid:VHN-5183
db:BIDid:4747
db:BIDid:4748
db:CNNVDid:CNNVD-200208-139
db:NVDid:CVE-2002-0792

LAST UPDATE DATE

2024-11-22T23:13:29.844000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#330275date:2002-05-30T00:00:00
db:CERT/CCid:VU#686939date:2002-05-30T00:00:00
db:VULHUBid:VHN-5183date:2008-09-05T00:00:00
db:BIDid:4747date:2009-07-11T12:46:00
db:BIDid:4748date:2009-07-11T12:46:00
db:CNNVDid:CNNVD-200208-139date:2005-10-20T00:00:00
db:NVDid:CVE-2002-0792date:2024-11-20T23:39:52.970

SOURCES RELEASE DATE

db:CERT/CCid:VU#330275date:2002-05-22T00:00:00
db:CERT/CCid:VU#686939date:2002-05-22T00:00:00
db:VULHUBid:VHN-5183date:2002-08-12T00:00:00
db:BIDid:4747date:2002-05-15T00:00:00
db:BIDid:4748date:2002-05-15T00:00:00
db:CNNVDid:CNNVD-200208-139date:2002-05-15T00:00:00
db:NVDid:CVE-2002-0792date:2002-08-12T04:00:00