dcsimg
 

iDefense Alert: Cisco Web Administration DDoS Vulnerability

By David Morgenstern  |  Posted 2004-04-01 Email Print this article Print
 
 
 
 
 
 
 

WEBINAR:
On-Demand

Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce


iDefense Inc. on Thursday reported a design error vulnerability in Cisco Systems Inc.' 600 series Web Administration service that opens the router up to a distributed denial-of-service condition.

Security intelligence firm iDefense Inc. on April 1, reported that remote exploitation of a design error vulnerability in Cisco Systems Inc.' 600 series Web Administration service allows for a distributed-denial-of-service (DDoS) condition. The company rated the severity of this security event as high.

The Web Administration service on the Cisco 627, 633, 673, 675, 675E, 677, 677i and 678 routers are unable to properly handle multiple 'GET' requests from separate clients. When the Cisco 600 series router is accessed via the HTTP protocol (TCP port 80) through multiple connections, the Cisco 600 series router will fail, the Reston, Va.-based security company said in Thursday's alert report.

"The Cisco 600 series router will stop routing data and will also stop responding to configuration requests via the web interface. The Cisco 600 series routers commonly ship with the web interface enabled by default, and many ISPs provide them to customers in this default configuration," the report stated.

Click here for the full story.
 
 
 
 
David Morgenstern is Executive Editor/Special Projects of eWEEK. Previously, he served as the news editor of Ziff Davis Internet and editor for Ziff Davis' Storage Supersite.

In 'the days,' he was an award-winning editor with the heralded MacWEEK newsweekly as well as eMediaweekly, a trade publication for managers of professional digital content creation.

David has also worked on the vendor side of the industry, including companies offering professional displays and color-calibration technology, and Internet video.

He can be reached here.

 
 
 
 
 
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date