Sign-up

ID

VAR-200303-0052


CVE

CVE-2002-1557


TITLE

Cisco ONS15454/ONS15327 Optical fiber transmission platform HTTP Request Remote Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200303-080

DESCRIPTION

Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. An attacker must be able to establish an HTTP connection to the control card in order to exploit this vulnerability. Cisco ONS15454 and Cisco ONS15327 are fiber optic network platforms developed by CISCO. The Cisco ONS15454 and Cisco ONS15327 devices do not process malformed HTTP requests correctly. The CISCO BUG ID of this vulnerability is: CSCdx82962 < *Link: http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml* >

Trust: 1.35

sources: NVD: CVE-2002-1557 // BID: 6082 // VULHUB: VHN-5942 // VULMON: CVE-2002-1557

AFFECTED PRODUCTS

vendor:ciscomodel:optical networking systems softwarescope:eqversion:3.2.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:3.3.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:3.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:3.1.0

Trust: 1.0

vendor:ciscomodel:optical networking systems softwarescope:eqversion:3.2

Trust: 1.0

vendor:ciscomodel:ons 15327scope:eqversion:3.1

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:3.2.0

Trust: 0.6

vendor:ciscomodel:ons 15327scope:eqversion:3.2

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:3.1.0

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:3.0

Trust: 0.6

vendor:ciscomodel:ons 15454 optical transport platformscope:eqversion:3.3

Trust: 0.6

vendor:ciscomodel:ons 15327scope:eqversion:3.0

Trust: 0.6

vendor:ciscomodel:ons 15327scope:eqversion:3.3

Trust: 0.6

vendor:ciscomodel:ons optical transport platformscope:eqversion:154543.3

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154543.2.0

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154543.1.0

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:eqversion:154543.0

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153273.3

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153273.2

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153273.1

Trust: 0.3

vendor:ciscomodel:onsscope:eqversion:153273.0

Trust: 0.3

vendor:ciscomodel:ons optical transport platformscope:neversion:154543.4

Trust: 0.3

vendor:ciscomodel:onsscope:neversion:153273.4

Trust: 0.3

sources: BID: 6082 // CNNVD: CNNVD-200303-080 // NVD: CVE-2002-1557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1557
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200303-080
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5942
value: MEDIUM

Trust: 0.1

VULMON: CVE-2002-1557
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-1557
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-5942
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5942 // VULMON: CVE-2002-1557 // CNNVD: CNNVD-200303-080 // NVD: CVE-2002-1557

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1557

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-080

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200303-080

EXTERNAL IDS

db:NVDid:CVE-2002-1557

Trust: 2.1

db:BIDid:6082

Trust: 2.1

db:CNNVDid:CNNVD-200303-080

Trust: 0.7

db:CISCOid:20021031 CISCO ONS15454 AND CISCO ONS15327 VULNERABILITIES

Trust: 0.6

db:XFid:10509

Trust: 0.6

db:VULHUBid:VHN-5942

Trust: 0.1

db:VULMONid:CVE-2002-1557

Trust: 0.1

sources: VULHUB: VHN-5942 // VULMON: CVE-2002-1557 // BID: 6082 // CNNVD: CNNVD-200303-080 // NVD: CVE-2002-1557

REFERENCES

url:http://www.securityfocus.com/bid/6082

Trust: 1.9

url:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml

Trust: 1.8

url:http://www.iss.net/security_center/static/10509.php

Trust: 1.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-5942 // VULMON: CVE-2002-1557 // CNNVD: CNNVD-200303-080 // NVD: CVE-2002-1557

CREDITS

This issue was reported in a Cisco Security Advisory.

Trust: 0.3

sources: BID: 6082

SOURCES

db:VULHUBid:VHN-5942
db:VULMONid:CVE-2002-1557
db:BIDid:6082
db:CNNVDid:CNNVD-200303-080
db:NVDid:CVE-2002-1557

LAST UPDATE DATE

2024-08-14T13:40:27.772000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-5942date:2018-10-30T00:00:00
db:VULMONid:CVE-2002-1557date:2018-10-30T00:00:00
db:BIDid:6082date:2009-07-11T18:06:00
db:CNNVDid:CNNVD-200303-080date:2005-10-20T00:00:00
db:NVDid:CVE-2002-1557date:2018-10-30T16:26:17.187

SOURCES RELEASE DATE

db:VULHUBid:VHN-5942date:2003-03-31T00:00:00
db:VULMONid:CVE-2002-1557date:2003-03-31T00:00:00
db:BIDid:6082date:2002-10-31T00:00:00
db:CNNVDid:CNNVD-200303-080date:2002-10-31T00:00:00
db:NVDid:CVE-2002-1557date:2003-03-31T05:00:00