Vulnerabilities > CVE-2011-1649 - Resource Management Errors vulnerability in Cisco products

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
cisco
CWE-399
NVD
Published: 2011-05-31
Updated: 2011-09-07

Summary

The Internet Streamer application in Cisco Content Delivery System (CDS) with software 2.5.7, 2.5.8, and 2.5.9 before build 126 allows remote attackers to cause a denial of service (Web Engine crash) via a crafted URL, aka Bug IDs CSCtg67333 and CSCth25341.

Vulnerable Configurations

Part Description Count
Hardware
Cisco
1
Application
Cisco
3

Common Weakness Enumeration (CWE)

Seebug

bulletinFamilyexploit
descriptionBugtraq ID: 47979 CVE ID:CVE-2011-1649 Cisco Content Delivery System是一款思科公司开发的内容分发系统解决方案。 Cisco Internet Streamer应用程序是Cisco CDS中的一个组件,其WEB服务器存在一个安全漏洞,当解析特定URL时,WEB服务器引擎会崩溃。 未验证攻击者可以利用此漏洞对运行在服务引擎上的WEB服务器进行拒绝服务攻击,设备会继续工作,WEB引擎在攻击之后会重新启动。 Cisco Content Delivery System 2.5.9 Cisco Content Delivery System 2.5.7 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.cisco.com/warp/public/707/cisco-sa-20110525-spcdn.shtml
idSSV:20590
last seen2017-11-19
modified2011-05-26
published2011-05-26
reporterRoot
titleCisco CDS Internet Streamer Web服务器远程拒绝服务漏洞

References