CVE-2009-0626
https://notcve.org/view.php?id=CVE-2009-0626
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet. La funcionalidad SSLVPN en Cisco IOS v12.3 hasta v12.4 permite a atacantes remotos provocar una denegación de servicio (reinicio o cuelgue del dispositivo) mediante paquetes HTTPS manipulados. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021896 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90424.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34239 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49425 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6919 • CWE-399: Resource Management Errors •
CVE-2009-0470 – Cisco IOS 12.4(23) - HTTP Server Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-0470
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v12.4(23) permite a atacantes remotos inyectar secuencias de comando web o HTML de su elección a través de PATH_INFO a la URI por defecto bajo (1)level/15/exec/-/ o (2)una vulnerabilidad diferente de CVE-2008-3821. • https://www.exploit-db.com/exploits/32776 http://secunia.com/advisories/33844 http://www.securityfocus.com/archive/1/500674/100/0/threaded http://www.securityfocus.com/bid/33625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-0471
https://notcve.org/view.php?id=CVE-2009-0471
Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el servidor HTTP en in Cisco IOS v12.4(23) permite a atacantes remotos ejecutar comandos de su elección, como se demostró ejecutando el comando hostname con una petición level/15/configure/-/hostname. • http://secunia.com/advisories/33844 http://www.securityfocus.com/archive/1/500674/100/0/threaded • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2008-3821 – Cisco IOS 12.x - HTTP Server Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-3821
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v11.0 hasta v12.4, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante (1) la cadena query al programa ping o (2) otros aspectos no especificados de una URI. • https://www.exploit-db.com/exploits/32723 http://jvn.jp/en/jp/JVN28344798/index.html http://osvdb.org/51393 http://osvdb.org/51394 http://secunia.com/advisories/33461 http://securityreason.com/securityalert/4916 http://securitytracker.com/id?1021598 http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19 http://www.securityfocus.com/archive/1/500063/100/0/threaded http://www.securi • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •