ID

VAR-200604-0132


CVE

CVE-2006-1631


TITLE

Cisco 11500 Content Services Switch HTTP Compression Request Handling Remote Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2006-2064

DESCRIPTION

Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP requests.

The Cisco CSS 11500 Content Services Switch is a load balancing device that provides robust and scalable network services (Layer 4-7) for data centers. The Cisco CSS 11500 has a vulnerability in processing HTTP packets. Successful exploitation of this vulnerability can lead to a device reload, and repeated attacks can lead to a persistent denial of service. Successful exploitation requires that the network device has been configured for HTTP compression.

SOLUTION:
Update to version 8.10.1.6: http://www.cisco.com/pcgi-bin/tablebuild.pl/css11500-maint?psrtdcat20e2
Disable HTTP compression.

PROVIDED AND/OR DISCOVERED BY: Reported by vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060405-css.shtml

Trust: 2.07

sources: NVD: CVE-2006-1631 // CNVD: CNVD-2006-2064 // BID: 17383 // IVD: b039947c-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-17739 // PACKETSTORM: 45205

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: b039947c-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2006-2064

AFFECTED PRODUCTS

vendor: cisco | model: content services switch 11500 | scope: eq | version: *

Trust: 1.0

vendor: none | model: - | scope: - | version: -

Trust: 0.6

vendor: cisco | model: css11500 content services switch s | scope: eq | version: 7.30

Trust: 0.6

vendor: cisco | model: css11500 content services switch s | scope: eq | version: 7.20

Trust: 0.6

vendor: cisco | model: content services switch 11500 | scope: - | version: -

Trust: 0.6

vendor: cisco | model: css11500 content services switch s | scope: eq | version: 7.10

Trust: 0.3

vendor: cisco | model: css11500 content services switch | scope: eq | version: 7.5

Trust: 0.3

vendor: cisco | model: css11500 content services switch | scope: eq | version: 7.4

Trust: 0.3

vendor: cisco | model: css11500 content services switch | scope: - | version: -

Trust: 0.3

vendor: content services switch 11500 | model: - | scope: eq | version: *

Trust: 0.2

sources: IVD: b039947c-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2006-2064 // BID: 17383 // CNNVD: CNNVD-200604-051 // NVD: CVE-2006-1631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-1631
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200604-051
value: MEDIUM

Trust: 0.6

IVD: b039947c-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-17739
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-1631
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IVD: b039947c-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-17739
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: b039947c-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-17739 // CNNVD: CNNVD-200604-051 // NVD: CVE-2006-1631

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-051

TYPE

other

Trust: 0.8

sources: IVD: b039947c-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200604-051

EXTERNAL IDS

db: NVD | id: CVE-2006-1631

Trust: 2.5

db: BID | id: 17383

Trust: 2.0

db: SECUNIA | id: 19552

Trust: 1.8

db: VUPEN | id: ADV-2006-1257

Trust: 1.7

db: SECTRACK | id: 1015870

Trust: 1.7

db: OSVDB | id: 24433

Trust: 1.7

db: CNNVD | id: CNNVD-200604-051

Trust: 0.9

db: CNVD | id: CNVD-2006-2064

Trust: 0.8

db: CISCO | id: 20060405 CISCO 11500 CONTENT SERVICES SWITCH HTTP REQUEST VULNERABILITY

Trust: 0.6

db: XF | id: 25642

Trust: 0.6

db: IVD | id: B039947C-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB | id: VHN-17739

Trust: 0.1

db: PACKETSTORM | id: 45205

Trust: 0.1

sources: IVD: b039947c-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2006-2064 // VULHUB: VHN-17739 // BID: 17383 // PACKETSTORM: 45205 // CNNVD: CNNVD-200604-051 // NVD: CVE-2006-1631

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20060405-css.shtml

Trust: 1.8

url:http://www.securityfocus.com/bid/17383

Trust: 1.7

url:http://www.osvdb.org/24433

Trust: 1.7

url:http://securitytracker.com/id?1015870

Trust: 1.7

url:http://secunia.com/advisories/19552

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/1257

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/25642

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/25642

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/1257

Trust: 0.6

url:http://www.cisco.com/en/us/products/hw/contnetw/ps792/index.html

Trust: 0.3

url:/archive/1/430285

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/5680/

Trust: 0.1

url:http://www.cisco.com/pcgi-bin/tablebuild.pl/css11500-maint?psrtdcat20e2

Trust: 0.1

url:http://secunia.com/advisories/19552/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-17739 // BID: 17383 // PACKETSTORM: 45205 // CNNVD: CNNVD-200604-051 // NVD: CVE-2006-1631

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200604-051

SOURCES

db: IVD | id: b039947c-2354-11e6-abef-000c29c66e3d
db: CNVD | id: CNVD-2006-2064
db: VULHUB | id: VHN-17739
db: BID | id: 17383
db: PACKETSTORM | id: 45205
db: CNNVD | id: CNNVD-200604-051
db: NVD | id: CVE-2006-1631

LAST UPDATE DATE

2024-08-14T14:22:45.349000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2006-2064 | date: 2006-04-05T00:00:00
db: VULHUB | id: VHN-17739 | date: 2017-07-20T00:00:00
db: BID | id: 17383 | date: 2006-04-05T22:58:00
db: CNNVD | id: CNNVD-200604-051 | date: 2006-04-06T00:00:00
db: NVD | id: CVE-2006-1631 | date: 2017-07-20T01:30:46.147

SOURCES RELEASE DATE

db: IVD | id: b039947c-2354-11e6-abef-000c29c66e3d | date: 2006-04-05T00:00:00
db: CNVD | id: CNVD-2006-2064 | date: 2006-04-05T00:00:00
db: VULHUB | id: VHN-17739 | date: 2006-04-05T00:00:00
db: BID | id: 17383 | date: 2006-04-05T00:00:00
db: PACKETSTORM | id: 45205 | date: 2006-04-06T18:10:32
db: CNNVD | id: CNNVD-200604-051 | date: 2006-04-05T00:00:00
db: NVD | id: CVE-2006-1631 | date: 2006-04-05T18:04:00