Cisco IOS HTTP %% 拒绝服务漏洞发布时间:2000-04-29 更新时间:2000-04-29 严重程度:中 威胁程度:远程拒绝服务 错误类型:设计错误 利用方式:服务器模式 受影响系统 Misc详细描述 CISCO IOS存在拒绝服务攻击。如果路由器有配置WEB服务 器,如:ip http server 如果使用下面的请求: http://<router-ip>/%% 一些ROUTER会自动重启动。 影响具体版本如下: Cisco IOS 12.0.6 Cisco IOS 12.0.5 Cisco IOS 12.0.4T Cisco IOS 12.0.4S Cisco IOS 12.0.4 Cisco IOS 12.0.3T2 Cisco IOS 12.0.2XG Cisco IOS 12.0.2XF Cisco IOS 12.0.2XD Cisco IOS 12.0.2XC Cisco IOS 12.0.2 Cisco IOS 12.0.1XE Cisco IOS 12.0.1XB Cisco IOS 12.0.1XA3 Cisco IOS 12.0.1W Cisco IOS 12.0T Cisco IOS 12.0S Cisco IOS 12.0DB Cisco IOS 12.0(9)S Cisco IOS 12.0(8) Cisco IOS 12.0(7)T Cisco IOS 12.0(5)T1 Cisco IOS 12.0 Cisco IOS 11.3.1T Cisco IOS 11.3.1ED Cisco IOS 11.3.1 Cisco IOS 11.3T Cisco IOS 11.3 Cisco IOS 11.2.9XA Cisco IOS 11.2.9P Cisco IOS 11.2.8P Cisco IOS 11.2.8 Cisco IOS 11.2.4F1 Cisco IOS 11.2.10BC Cisco IOS 11.2.10 Cisco IOS 11.2P Cisco IOS 11.2(17) Cisco IOS 11.2 Cisco IOS 11.1 测试代码 见描述 解决方案 把CISCO配置成:no ip http server 相关信息 |
