CVE-2003-0851
https://notcve.org/view.php?id=CVE-2003-0851
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. OpenSSL 0.9.6k, cuando se ejecuta en Windows, permite a atacantes remotos causar una denegación de servicio (caída por recursión excesiva) mediante secuencias ASN.1 malformadas. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://marc.info/?l=bugtraq&m=106796246511667&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/17381 http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml http://www.kb.cert.org/vuls/id/412478 http://www.openssl.or •
CVE-2003-0647 – Cisco IOS 12.x/11.x - HTTP Remote Integer Overflow
https://notcve.org/view.php?id=CVE-2003-0647
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. Desbordamiento de búfer en el servidor HTTP de Cisco IOS 12.2 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante una petición HTTP GET extremadamente larga (2GB). • https://www.exploit-db.com/exploits/77 http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml http://www.kb.cert.org/vuls/id/579324 •
CVE-2003-0512
https://notcve.org/view.php?id=CVE-2003-0512
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge. Cisco IOS 12.2 y anteriores genera un mensaje "% Login Invalid" en vez de solicitar una contraseña cuando se suministra un nombre de usuario inválido, lo que permite a atacantes remotos identificar nombres de usuario válidos e intentar averiguar la contraseña con métodos de fuerza bruta, como ha informado Aironet Bridge. • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0056.html http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml http://www.kb.cert.org/vuls/id/886796 http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5824 • CWE-310: Cryptographic Issues •
CVE-2003-0511 – Cisco Aironet AP1x00 - GET Denial of Service
https://notcve.org/view.php?id=CVE-2003-0511
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. El servidor web de dispostivos inalámbiricos Cisco Aironet AP1x00 Series corriendo ciertos versiones de IOS 12.2 permite a atacantes remotos causar una denegación de servicio (recarga) mediante una URL malformada. • https://www.exploit-db.com/exploits/22962 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0055.html http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5834 •
CVE-2003-0567 – Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service
https://notcve.org/view.php?id=CVE-2003-0567
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full. Cisco IOS 11.x y 12.0 a 12.2 permite a atacantes remotos causar una denegación de servicio (bloqueo de tráfico) enviando una cierta secuencia de paquetes IPv4 a una interfaz del dispositivo, causando que la cola de entrada de ese interfaz sea marcada como llena. • https://www.exploit-db.com/exploits/60 https://www.exploit-db.com/exploits/59 https://www.exploit-db.com/exploits/62 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.html http://www.cert.org/advisories/CA-2003-15.html http://www.cert.org/advisories/CA-2003-17.html http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml http://www.kb.cert.org/vuls/id/411332 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre& • CWE-20: Improper Input Validation •