
Various Cisco products affected by remote reboot/mail relay via httpd
16th May 2002 [SBWID-5345]



	 Problem 1

	  Cisco Cache Engine and Content Engine:

	   * Content Engine 507, 560, 590, or 7320 running cache software 2.x, 3.1, 4.0.x, or 4.1.x
	   * Cache Engine 505, 550, or 570 running software version 2.2.0 or above
	   * Content Router CR-4430 running ACNS 4.x
	   * Content Distribution Manager CDM-4630 or CDM-4650 running ACNS 4.x

	 Problem 2

	  CSS 11000 series switches running:

	   * 04.01.053s and earlier
	   * 05.00.038s and earlier
	   * 05.01.012s and earlier
	   * 05.02.005s and earlier


	In Cisco security advisories :


	Credit to : James Mancini of Netreo Inc.






	 Problem 1



	It has been reported to Cisco that the affected products were actively
	abused as mail relays. This is done by instructing the HTTPS/FTP
	proxy to relay instructions to SMTP.

	 Problem 2



	Sending XML data or an HTML POST to the HTTPS server (port 8081) will
	reboot the device.






	  Problem 1



	Cisco recommends blocking the use of redirected proxy requests for any
	port other than 443:

	    https destination-port allow 443

	    https destination-port deny all


	If the HTTPS proxy is not necessary to an installation, then the
	command "https destination-port allow 443" can be excluded.

	  Problem 2



	Cisco recommends disabling web-based management of the device:

	 restrict web-mgmt 

	 restrict xml 
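
An added example, not part of the Cisco advisory or of this page: it audits a saved configuration for the two workarounds above and tests a CSS version string against the affected builds listed earlier. The sample configurations, the `hostname` line, the version-string pattern, and the reading of "and earlier" as a build-number comparison within the same software train are assumptions.

```python
import re

# Last affected build per CSS 11000 software train, taken from the list on this page.
CSS_LAST_AFFECTED = {"04.01": 53, "05.00": 38, "05.01": 12, "05.02": 5}

def css_version_affected(version):
    """True/False for a listed train; None when the page does not list the train."""
    # Assumed format: two-digit major, two-digit minor, three-digit build, optional letter.
    m = re.fullmatch(r"(\d{2}\.\d{2})\.(\d{3})[a-z]?", version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    last = CSS_LAST_AFFECTED.get(m.group(1))
    return None if last is None else int(m.group(2)) <= last

def audit_content_engine(config):
    """Findings for the Problem 1 workaround (HTTPS proxy destination ports)."""
    findings, deny_all = [], False
    for line in config.splitlines():
        m = re.fullmatch(r"https destination-port (allow|deny) (\S+)", line.strip())
        if not m:
            continue
        action, port = m.groups()
        if action == "deny" and port == "all":
            deny_all = True
        elif action == "allow" and port != "443":
            findings.append(f"proxying allowed to port {port}")
    if not deny_all:
        findings.append("missing 'https destination-port deny all'")
    return findings

def audit_css(config):
    """Findings for the Problem 2 workaround (web-based management disabled)."""
    lines = {l.strip() for l in config.splitlines()}
    return [f"missing '{c}'" for c in ("restrict web-mgmt", "restrict xml") if c not in lines]

# Constructed sample configurations (not captured from real devices).
CE_BAD = "hostname ce-lab\nhttps destination-port allow 25\nhttps destination-port allow 443\n"
CE_GOOD = "hostname ce-lab\nhttps destination-port allow 443\nhttps destination-port deny all\n"
CSS_BAD = "restrict xml\n"

if __name__ == "__main__":
    print(css_version_affected("05.01.012s"), css_version_affected("05.01.013s"))
    print(audit_content_engine(CE_BAD))
    print(audit_content_engine(CE_GOOD))
    print(audit_css(CSS_BAD))
```

A `None` result from `css_version_affected` means the train is not in the advisory's list, so the page gives no basis for calling it affected or fixed.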






	Patches are available for both issues; follow the link at the top of
