Vulnerabilities > CVE-2019-12665 - Unspecified vulnerability in Cisco IOS 15.6(2)T/Fd1.5.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Nessus
NASL family CISCO NASL id CISCO-SA-20190925-HTTP-CLIENT-IOS.NASL description According to its self-reported version, IOS is affected by a vulnerability in the HTTP client feature that allows an unauthenticated, remote attacker to read and modify data that should normally be sent via an encrypted channel. This vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker can exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been set through an encrypted channel. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 129778 published 2019-10-10 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129778 title Cisco IOS HTTP Client Information Disclosure Vulnerability (cisco-sa-20190925-http-client) code #TRUSTED 6a376f84502324d8806784713f33f8a62d1584f223e9126b643c01a43ce0f87fc6de078b3193e9338c3f244412be8816f58f5288bb5351a23e122a5da3f376a07dff547e423696285d555f848134498f5f301ec0eff377f77a621bcaa826957dfcfac8cf59fbdf33aa39d922db8f5323125359e75051e311fa7f46dec8f0db33e4c29a598d0c98bbbd8a18ea5363814d75b1bfee8e88089d3df34613978780eebcbc23efba489700d701caf75c67921a07fe41bd94de679b0dafb164c9de1079a57b0e263a4ee8316914674b8571fa98e3e518d736549e6195ae78d9c213962c3d539179938b9b8acd7d4206cffef8585a30556221c4a1a8b687e59a93b2e1721d7c19e98837478d76875e31a5896c6ee45a974c8d7a191dc7d5ff6ae191e96fcbe89ef5439f850f5f65bace9e0e4f131f4798b73a200301ba13f1887f5a61e833365b41524585c29fc941ac21c21228d51e312e9293dbd28864e0f67a81e4812a350dab89352ea3444225763578ec7d6e83f36bf5a2eb9c4b1783061fb980f8deb684ee868202035cc8a39d187d26ec326e2e1d63d202bd2ac07a219f81e3dd5c3664052df716837d6ddd42d6686609291921ae0a4bbb22fbdf96ba97d27ae2b774433cf57e9816a3cea739fc023e66559512bb5a399f7d69b530d8bb68897c9a319237b00bb4bb3fafeb064a93006d7732473a1fcc84354c79435be5ce1fc2 # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(129778); script_version("1.5"); script_cvs_date("Date: 2019/12/20"); script_cve_id("CVE-2019-12665"); script_xref(name:"CISCO-BUG-ID", value:"CSCvf36258"); script_xref(name:"CISCO-SA", value:"cisco-sa-20190925-http-client"); script_xref(name:"IAVA", value:"2019-A-0354"); script_name(english:"Cisco IOS HTTP Client Information Disclosure Vulnerability (cisco-sa-20190925-http-client)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch"); script_set_attribute(attribute:"description", value: "According to its self-reported version, IOS is affected by a vulnerability in the HTTP client feature that allows an unauthenticated, remote attacker to read and modify data that should normally be sent via an encrypted channel. This vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker can exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been set through an encrypted channel. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-http-client script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e0771c9"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf36258"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvf36258"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12665"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(399); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_ios_version.nasl"); script_require_keys("Host/Cisco/IOS/Version"); exit(0); } include('audit.inc'); include('cisco_workarounds.inc'); include('ccf.inc'); product_info = cisco::get_product_info(name:'Cisco IOS'); version_list=make_list( '12.2(15)B', '12.2(16)B1', '12.2(16)B3', '12.2(16)B2', '12.2(15)B1', '12.2(16)B', '12.2(31)XN', '12.2(31)XN2', '12.2(31b)XN3', '12.2(31)XN3', '12.2(31a)XN3', '12.2(31c)XN2', '12.2(31a)XN2', '12.2(31b)XN2', '12.2(31)XN1', '12.2(31c)XN3', '12.2(15)XR', '12.2(15)XR1', '12.2(15)XR2', '12.2(15)BC2a', '12.2(15)BC1a', '12.2(15)BC1b', '12.2(15)BC2d', '12.2(15)BC2g', '12.2(15)BC1g', '12.2(15)BC2i', '12.2(15)BC1c', '12.2(15)BC2c', '12.2(15)BC2f', '12.2(15)BC1d', '12.2(15)BC1', '12.2(15)BC2', '12.2(15)BC2e', '12.2(15)BC1e', '12.2(15)BC2h', '12.2(15)BC1f', '12.2(15)BC2b', '12.2(15)BX', '12.2(16)BX', '12.2(16)BX2', '12.2(16)BX3', '12.2(16)BX1', '12.2(15)BZ1', '12.2(15)BZ', '12.2(15)BZ2', '12.2(15)CX', '12.2(15)CX1', '12.2(33)CX', '12.2(33)CY', '12.2(33)CY1', '12.2(33)CY2', '12.2(15)JA', '12.2(15)MC1c', '12.2(15)MC2g', '12.2(15)MC2k', '12.2(15)MC1b', '12.2(15)MC2b', '12.2(15)MC2a', '12.2(15)MC2m', '12.2(15)MC1', '12.2(15)MC2', '12.2(15)MC2f', '12.2(15)MC2j', '12.2(15)MC2e', '12.2(15)MC1a', '12.2(15)MC2c', '12.2(15)MC2i', '12.2(15)MC2h', '12.2(15)MC2l', '12.2(13)ZD', '12.2(13)ZD3', '12.2(13)ZD2', '12.2(13)ZD1', '12.2(13)ZD4', '12.2(13)ZE', '12.2(13)ZH', '12.2(13)ZH5', '12.2(13)ZH9', '12.2(13)ZH2', '12.2(13)ZH8', '12.2(13)ZH10', '12.2(13)ZH4', '12.2(13)ZH3', '12.2(13)ZH7', '12.2(13)ZH6', '12.2(13)ZH1', '12.2(15)ZJ', '12.2(15)ZJ2', '12.2(15)ZJ1', '12.2(15)ZJ4', '12.2(15)ZJ3', '12.2(15)ZJ5', '12.3(9a)', '12.3(15)', '12.3(19)', '12.3(10f)', '12.3(10a)', '12.3(1)', '12.3(1a)', '12.3(10)', '12.3(10b)', '12.3(10c)', '12.3(10d)', '12.3(10e)', '12.3(12b)', '12.3(12a)', '12.3(12c)', '12.3(12d)', '12.3(12e)', '12.3(12)', '12.3(13)', '12.3(13a)', '12.3(13b)', '12.3(15a)', '12.3(16)', '12.3(17)', '12.3(17a)', '12.3(17b)', '12.3(18)', '12.3(20)', '12.3(3f)', '12.3(3e)', '12.3(3d)', '12.3(3g)', '12.3(3c)', '12.3(3b)', '12.3(3a)', '12.3(3)', '12.3(3i)', '12.3(3h)', '12.3(5c)', '12.3(5b)', '12.3(5a)', '12.3(5)', '12.3(5f)', '12.3(5e)', '12.3(5d)', '12.3(6f)', '12.3(6e)', '12.3(6d)', '12.3(6c)', '12.3(6b)', '12.3(6a)', '12.3(6)', '12.3(9d)', '12.3(9e)', '12.3(9)', '12.3(9b)', '12.3(9c)', '12.3(16a)', '12.3(15b)', '12.3(21)', '12.3(21a)', '12.3(22)', '12.3(21b)', '12.3(23)', '12.3(26)', '12.3(20a)', '12.3(22a)', '12.3(25)', '12.3(17c)', '12.3(24)', '12.3(19a)', '12.3(24a)', '12.3(18a)', '12.3(1a)B', '12.3(3)B', '12.3(5a)B', '12.3(3)B1', '12.3(5a)B3', '12.3(5a)B2', '12.3(5a)B0a', '12.3(5a)B5', '12.3(5a)B4', '12.3(5a)B1', '12.3(11)T', '12.3(7)T12', '12.3(11)T11', '12.3(11)T10', '12.3(14)T7', '12.3(14)T', '12.3(8)T', '12.3(2)T', '12.3(4)T', '12.3(7)T', '12.3(8)T9', '12.3(11)T2a', '12.3(2)T9', '12.3(8)T6', '12.3(4)T2a', '12.3(4)T12', '12.3(4)T9', '12.3(14)T4', '12.3(4)T4', '12.3(2)T1', '12.3(8)T2', '12.3(11)T5', '12.3(7)T3', '12.3(2)T2', '12.3(8)T3', '12.3(4)T7', '12.3(8)T7', '12.3(11)T8', '12.3(7)T2', '12.3(8)T4', '12.3(8)T8', '12.3(14)T5', '12.3(11)T3', '12.3(4)T10', '12.3(2)T4', '12.3(8)T10', '12.3(14)T2', '12.3(4)T2', '12.3(7)T7', '12.3(7)T10', '12.3(4)T5', '12.3(7)T4', '12.3(11)T6', '12.3(7)T11', '12.3(4)T6', '12.3(2)T3', '12.3(2)T5', '12.3(2)T6', '12.3(7)T5', '12.3(4)T3', '12.3(14)T3', '12.3(2)T8', '12.3(11)T4', '12.3(7)T9', '12.3(8)T11', '12.3(11)T1', '12.3(8)T0a', '12.3(11)T9', '12.3(7)T8', '12.3(4)T1', '12.3(8)T5', '12.3(4)T11', '12.3(4)T8', '12.3(14)T1', '12.3(11)T2', '12.3(7)T6', '12.3(2)T7', '12.3(11)T7', '12.3(7)T1', '12.3(14)T6', '12.3(11)T12', '12.3(8)T1', '12.2(15)CZ', '12.2(15)CZ1', '12.2(15)CZ3', '12.2(15)CZ2', '12.2(15)JK', '12.2(15)JK3', '12.2(15)JK5', '12.2(15)JK2', '12.2(15)JK1', '12.2(15)JK4', '12.2(15)ZK', '12.2(15)ZK5', '12.2(15)ZK4', '12.2(15)ZK1', '12.2(15)ZK6', '12.2(15)ZK3', '12.2(15)ZK2', '12.2(15)ZO', '12.3(2)XA', '12.3(2)XA4', '12.3(2)XA7', '12.3(2)XA1', '12.3(2)XA3', '12.3(2)XA6', '12.3(2)XA2', '12.3(2)XA5', '12.3(4)XQ1', '12.3(4)XN', '12.3(4)XN1', '12.3(4)XN2', '12.3(11)XL', '12.3(7)XL', '12.3(11)XL1', '12.3(11)XL3', '12.3(11)XL2', '12.3(4)XK3', '12.3(4)XK1', '12.3(4)XK4', '12.3(4)XK', '12.3(4)XK2', '12.3(7)XJ', '12.3(7)XJ1', '12.3(7)XJ2', '12.3(7)XI8', '12.3(7)XI', '12.3(7)XI7', '12.3(7)XI8d', '12.3(7)XI10a', '12.3(7)XI3e', '12.3(7)XI8a', '12.3(7)XI2c', '12.3(7)XI1a', '12.3(7)XI4', '12.3(7)XI8g', '12.3(7)XI1', '12.3(7)XI1b', '12.3(7)XI7a', '12.3(7)XI10b', '12.3(7)XI2a', '12.3(7)XI10', '12.3(7)XI7b', '12.3(7)XI3d', '12.3(7)XI1c', '12.3(7)XI2b', '12.3(7)XI8f', '12.3(7)XI3a', '12.3(7)XI9', '12.3(7)XI3', '12.3(7)XI6', '12.3(7)XI8c', '12.3(7)XI2', '12.3(7)XI5', '12.3(7)XI3b', '12.3(7)XI8e', '12.3(4)XH', '12.3(4)XH1', '12.3(4)XG', '12.3(4)XG3', '12.3(4)XG1', '12.3(4)XG4', '12.3(4)XG2', '12.3(4)XG5', '12.3(2)XF', '12.3(2)XE', '12.3(2)XE5', '12.3(2)XE2', '12.3(2)XE1', '12.3(2)XE4', '12.3(2)XE3', '12.3(4)XD', '12.3(4)XD4', '12.3(4)XD1', '12.3(4)XD3', '12.3(4)XD2', '12.3(2)XC', '12.3(2)XC4', '12.3(2)XC3', '12.3(2)XC2', '12.3(2)XC1', '12.3(2)XC5', '12.3(2)XB2', '12.3(2)XB', '12.3(2)XB3', '12.3(2)XB1', '12.2(25)EW', '12.2(25)EWA', '12.2(25)EWA6', '12.2(25)EWA5', '12.2(25)EWA1', '12.2(25)EWA10', '12.2(25)EWA8', '12.2(25)EWA11', '12.2(25)EWA9', '12.2(25)EWA2', '12.2(25)EWA14', '12.2(25)EWA4', '12.2(25)EWA3', '12.2(25)EWA7', '12.2(25)EWA12', '12.2(25)EWA13', '12.2(35)SE', '12.2(25)SE', '12.2(37)SE', '12.2(53)SE1', '12.2(55)SE', '12.2(25)SE2', '12.2(40)SE2', '12.2(46)SE', '12.2(46)SE2', '12.2(50)SE2', '12.2(35)SE5', '12.2(50)SE1', '12.2(44)SE2', '12.2(35)SE1', '12.2(50)SE5', '12.2(35)SE4', '12.2(44)SE1', '12.2(53)SE', '12.2(37)SE1', '12.2(25)SE3', '12.2(35)SE3', '12.2(44)SE4', '12.2(55)SE3', '12.2(55)SE2', '12.2(40)SE', '12.2(44)SE', '12.2(52)SE', '12.2(58)SE', '12.2(50)SE3', '12.2(55)SE1', '12.2(35)SE2', '12.2(40)SE1', '12.2(44)SE6', '12.2(44)SE3', '12.2(53)SE2', '12.2(52)SE1', '12.2(46)SE1', '12.2(54)SE', '12.2(44)SE5', '12.2(50)SE4', '12.2(50)SE', '12.2(58)SE1', '12.2(55)SE4', '12.2(58)SE2', '12.2(55)SE5', '12.2(55)SE6', '12.2(55)SE7', '12.2(55)SE8', '12.2(55)SE9', '12.2(55)SE10', '12.2(55)SE11', '12.2(55)SE12', '12.2(55)SE13', '12.2(33)ZI', '12.2(15)ZN', '12.3(7)XM', '12.3(7)XR', '12.3(7)XR4', '12.3(7)XR3', '12.3(7)XR5', '12.3(7)XR6', '12.3(7)XR1', '12.3(7)XR2', '12.3(7)XR7', '12.3(2)XT', '12.3(2)XT1', '12.3(2)XT2', '12.3(2)XT3', '12.3(8)XU', '12.3(8)XU5', '12.3(8)XU2', '12.3(8)XU1', '12.3(8)XU4', '12.3(8)XU3', '12.3(8)XX', '12.3(8)XX2a', '12.3(8)XX2', '12.3(8)XX1', '12.3(8)XX2d', '12.3(8)XX2b', '12.3(8)XX2e', '12.3(8)XX2c', '12.3(8)XW', '12.3(8)XW2', '12.3(8)XW3', '12.3(8)XW1', '12.3(8)XW1b', '12.3(8)XW1a', '12.3(8)XY', '12.3(8)XY3', '12.3(8)XY5', '12.3(8)XY4', '12.3(8)XY1', '12.3(8)XY7', '12.3(8)XY2', '12.3(8)XY6', '12.3(2)XZ1', '12.3(2)XZ2', '12.3(8)YD', '12.3(8)YD1', '12.3(4)YE', '12.3(4)YE1', '12.3(11)YF', '12.3(11)YF2', '12.3(11)YF3', '12.3(11)YF4', '12.3(11)YF1', '12.3(8)YG', '12.3(8)YG7', '12.3(8)YG5', '12.3(8)YG3', '12.3(8)YG6', '12.3(8)YG2', '12.3(8)YG1', '12.3(8)YG4', '12.3(13a)BC6', '12.3(17a)BC2', '12.3(17a)BC', '12.3(13a)BC', '12.3(21)BC', '12.3(9a)BC', '12.3(21a)BC9', '12.3(21a)BC4', '12.3(9a)BC9', '12.3(17b)BC6', '12.3(13a)BC2', '12.3(23)BC', '12.3(17b)BC3', '12.3(9a)BC2', '12.3(17b)BC9', '12.3(23)BC8', '12.3(23)BC10', '12.3(23)BC1', '12.3(9a)BC1', '12.3(17b)BC8', '12.3(9a)BC3', '12.3(23)BC9', '12.3(21a)BC6', '12.3(9a)BC6', '12.3(9a)BC5', '12.3(23)BC7', '12.3(13a)BC3', '12.3(23)BC6', '12.3(23)BC4', '12.3(13a)BC1', '12.3(17b)BC5', '12.3(21a)BC8', '12.3(9a)BC8', '12.3(21a)BC3', '12.3(21a)BC7', '12.3(9a)BC7', '12.3(23)BC5', '12.3(13a)BC5', '12.3(9a)BC4', '12.3(21a)BC2', '12.3(13a)BC4', '12.3(17b)BC7', '12.3(23)BC3', '12.3(21a)BC1', '12.3(17a)BC1', '12.3(17b)BC4', '12.3(23)BC2', '12.3(21a)BC5', '12.3(1a)BW', '12.3(8)YC', '12.3(8)YC2', '12.3(8)YC3', '12.3(8)YC1', '12.3(11)YJ', '12.3(11)YL', '12.3(11)YL2', '12.3(11)YL1', '12.3(8)YI', '12.3(8)YI2', '12.3(8)YI3', '12.3(8)YI1', '12.3(11)YK', '12.3(11)YK1', '12.3(11)YK2', '12.3(11)YK3', '12.2(25)EX', '12.2(35)EX', '12.2(44)EX', '12.2(35)EX2', '12.2(40)EX3', '12.2(40)EX', '12.2(53)EX', '12.2(37)EX', '12.2(52)EX', '12.2(44)EX1', '12.2(35)EX1', '12.2(25)EX1', '12.2(40)EX2', '12.2(40)EX1', '12.2(55)EX', '12.2(46)EX', '12.2(52)EX1', '12.2(55)EX1', '12.2(55)EX2', '12.2(55)EX3', '12.2(58)EX', '12.2(25)SEB', '12.2(25)SEB2', '12.2(25)SEB1', '12.2(25)SEB4', '12.2(25)SEB3', '12.2(25)SEA', '12.2(25)EY', '12.2(46)EY', '12.2(55)EY', '12.2(52)EY1', '12.2(25)EY1', '12.2(44)EY', '12.2(52)EY', '12.2(53)EY', '12.2(25)EY3', '12.2(52)EY2', '12.2(37)EY', '12.2(25)EY2', '12.2(25)EY4', '12.2(52)EY1b', '12.2(52)EY1c', '12.2(58)EY', '12.2(52)EY3', '12.2(52)EY2a', '12.2(58)EY1', '12.2(52)EY4', '12.2(52)EY3a', '12.2(58)EY2', '12.2(52)EY1a', '12.3(2)JA', '12.3(2)JA1', '12.3(2)JA3', '12.3(2)JA4', '12.3(7)JA1', '12.3(7)JA', '12.3(8)JA2', '12.3(11)JA', '12.3(7)JA4', '12.3(4)JA2', '12.3(7)JA5', '12.3(11)JA3', '12.3(11)JA4', '12.3(11)JA2', '12.3(11)JA1', '12.3(7)JA3', '12.3(14)YQ8', '12.3(14)YQ', '12.3(14)YQ5', '12.3(14)YQ4', '12.3(14)YQ7', '12.3(14)YQ1', '12.3(14)YQ6', '12.3(14)YQ3', '12.3(14)YQ2', '12.3(7)YB', '12.3(7)YB1', '12.3(11)YR', '12.3(11)YR1', '12.3(11)YS', '12.3(11)YS1', '12.3(11)YS2', '12.4(3e)', '12.4(7b)', '12.4(8)', '12.4(5b)', '12.4(7a)', '12.4(3d)', '12.4(1)', '12.4(1a)', '12.4(1b)', '12.4(1c)', '12.4(10)', '12.4(3)', '12.4(3a)', '12.4(3b)', '12.4(3c)', '12.4(3f)', '12.4(5)', '12.4(5a)', '12.4(7c)', '12.4(7)', '12.4(8a)', '12.4(8b)', '12.4(7d)', '12.4(3g)', '12.4(8c)', '12.4(10b)', '12.4(12)', '12.4(12a)', '12.4(12b)', '12.4(13)', '12.4(13a)', '12.4(13b)', '12.4(13c)', '12.4(7e)', '12.4(17)', '12.4(25e)', '12.4(18b)', '12.4(18e)', '12.4(25g)', '12.4(3i)', '12.4(3j)', '12.4(23b)', '12.4(3h)', '12.4(7h)', '12.4(25a)', '12.4(23d)', '12.4(23e)', '12.4(16)', '12.4(13d)', '12.4(25)', '12.4(25c)', '12.4(18d)', '12.4(19)', '12.4(13e)', '12.4(25b)', '12.4(23)', '12.4(10c)', '12.4(21)', '12.4(16b)', '12.4(19b)', '12.4(16a)', '12.4(23a)', '12.4(25d)', '12.4(23c)', '12.4(7f)', '12.4(18)', '12.4(21a)', '12.4(13f)', '12.4(25f)', '12.4(18c)', '12.4(5c)', '12.4(8d)', '12.4(12c)', '12.4(17a)', '12.4(18a)', '12.4(17b)', '12.4(7g)', '12.2(25)EZ', '12.2(25)EZ1', '12.2(58)EZ', '12.2(53)EZ', '12.2(55)EZ', '12.2(60)EZ', '12.2(60)EZ1', '12.2(60)EZ2', '12.2(60)EZ3', '12.2(60)EZ4', '12.2(60)EZ5', '12.2(60)EZ6', '12.2(60)EZ7', '12.2(60)EZ8', '12.2(60)EZ9', '12.2(60)EZ10', '12.2(60)EZ11', '12.2(60)EZ12', '12.2(60)EZ13', '12.2(60)EZ14', '12.2(60)EZ16', '12.2(25)SEC', '12.2(25)SEC2', '12.2(25)SEC1', '12.3(2)JK', '12.3(2)JK1', '12.3(2)JK2', '12.3(8)JK', '12.3(8)JK1', '12.3(2)JK3', '12.3(14)YU', '12.3(14)YU1', '12.4(6)MR1', '12.4(11)MR', '12.4(2)MR', '12.4(4)MR', '12.4(6)MR', '12.4(9)MR', '12.4(12)MR', '12.4(16)MR', '12.4(16)MR1', '12.4(19)MR2', '12.4(19)MR1', '12.4(19)MR', '12.4(20)MR', '12.4(4)MR1', '12.4(19)MR3', '12.4(12)MR1', '12.4(20)MR2', '12.4(16)MR2', '12.4(12)MR2', '12.4(2)MR1', '12.4(20)MR1', '12.4(4)T', '12.4(4)T1', '12.4(4)T2', '12.4(4)T3', '12.4(6)T', '12.4(6)T1', '12.4(6)T2', '12.4(9)T', '12.4(4)T4', '12.4(2)T5', '12.4(6)T3', '12.4(2)T', '12.4(11)T', '12.4(15)T', '12.4(20)T', '12.4(24)T', '12.4(24)T3', '12.4(4)T8', '12.4(20)T1', '12.4(22)T1', '12.4(15)T9', '12.4(11)T4', '12.4(15)T8', '12.4(6)T5', '12.4(15)T15', '12.4(24)T5', '12.4(15)T2', '12.4(6)T8', '12.4(6)T5b', '12.4(15)T12', '12.4(24)T4', '12.4(6)T11', '12.4(9)T5', '12.4(20)T3', '12.4(6)T4', '12.4(6)T5f', '12.4(4)T6', '12.4(22)T', '12.4(15)T6a', '12.4(20)T6', '12.4(9)T3', '12.4(24)T8', '12.4(6)T7', '12.4(15)T13', '12.4(6)T10', '12.4(15)T3', '12.4(24)T2', '12.4(22)T5', '12.4(2)T3', '12.4(15)T10', '12.4(22)T4', '12.4(20)T5', '12.4(9)T6', '12.4(15)T4', '12.4(6)T5e', '12.4(2)T4', '12.4(24)T1', '12.4(9)T4', '12.4(24)T7', '12.4(22)T3', '12.4(20)T9', '12.4(9)T1', '12.4(24)T6', '12.4(6)T9', '12.4(6)T12', '12.4(15)T13b', '12.4(20)T5a', '12.4(15)T5', '12.4(4)T7', '12.4(20)T2', '12.4(2)T1', '12.4(11)T1', '12.4(15)T11', '12.4(6)T5c', '12.4(2)T6', '12.4(9)T0a', '12.4(2)T2', '12.4(15)T7', '12.4(11)T2', '12.4(9)T7', '12.4(15)T14', '12.4(11)T3', '12.4(15)T6', '12.4(15)T16', '12.4(15)T1', '12.4(9)T2', '12.4(6)T6', '12.4(6)T5a', '12.4(22)T2', '12.4(6)T5d', '12.4(4)T5', '12.4(20)T4', '12.4(24)T4a', '12.4(24)T4b', '12.4(24)T3e', '12.4(24)T4c', '12.4(15)T17', '12.4(24)T4d', '12.4(24)T9', '12.4(24)T4e', '12.4(24)T3f', '12.4(24)T4f', '12.4(24)T4g', '12.4(24)T4h', '12.4(24)T10', '12.4(24)T4i', '12.4(24)T4j', '12.4(24)T4k', '12.4(24)T4l', '12.4(24)T11', '12.4(24)T4m', '12.4(24)T4n', '12.4(24)T12', '12.4(24)T4o', '12.3(14)YT', '12.3(14)YT1', '12.2(31)SG', '12.2(25)SG', '12.2(37)SG', '12.2(44)SG', '12.2(50)SG3', '12.2(31)SG1', '12.2(31)SG3', '12.2(50)SG6', '12.2(53)SG1', '12.2(46)SG', '12.2(25)SG1', '12.2(53)SG2', '12.2(50)SG5', '12.2(37)SG1', '12.2(53)SG3', '12.2(50)SG8', '12.2(25)SG3', '12.2(50)SG2', '12.2(40)SG', '12.2(25)SG2', '12.2(54)SG1', '12.2(44)SG1', '12.2(50)SG1', '12.2(52)SG', '12.2(54)SG', '12.2(31)SG2', '12.2(50)SG', '12.2(25)SG4', '12.2(50)SG7', '12.2(53)SG4', '12.2(50)SG4', '12.2(46)SG1', '12.2(53)SG5', '12.2(53)SG6', '12.2(53)SG7', '12.2(53)SG8', '12.2(53)SG9', '12.2(53)SG10', '12.2(53)SG11', '12.2(25)FX', '12.2(25)FY', '12.3(7)JX2', '12.3(7)JX1', '12.3(7)JX4', '12.3(11)JX', '12.3(7)JX7', '12.3(7)JX9', '12.3(11)JX1', '12.3(7)JX6', '12.3(7)JX5', '12.3(7)JX3', '12.3(7)JX8', '12.3(4)TPC11b', '12.3(4)TPC11a', '12.4(2)XB', '12.4(2)XB1', '12.4(2)XB6', '12.4(2)XB7', '12.4(2)XB11', '12.4(2)XB3', '12.4(2)XB9', '12.4(2)XB8', '12.4(2)XB2', '12.4(2)XB10', '12.4(2)XB4', '12.4(2)XB5', '12.4(2)XB12', '12.4(2)XA', '12.4(2)XA1', '12.4(2)XA2', '12.3(14)YM8', '12.3(14)YM12', '12.3(14)YM4', '12.3(14)YM3', '12.3(14)YM7', '12.3(14)YM1', '12.3(14)YM11', '12.3(14)YM9', '12.3(14)YM6', '12.3(14)YM10', '12.3(14)YM13', '12.3(14)YM5', '12.3(14)YM2', '12.2(31)SB', '12.2(31)SB1a', '12.2(31)SB10c', '12.2(31)SB9b', '12.2(31)SB4', '12.2(31)SB3x', '12.2(33)SB3', '12.2(31)SB9a', '12.2(31)SB1b', '12.2(31)SB2a', '12.2(34)SB2', '12.2(31)SB11a', '12.2(31)SB1g', '12.2(31)SB5', '12.2(31)SB3b', '12.2(33)SB8b', '12.2(31)SB10', '12.2(33)SB9', '12.2(31)SB10d', '12.2(31)SB15', '12.2(33)SB8e', '12.2(33)SB10', '12.2(33)SB6', '12.2(31)SB11', '12.2(34)SB4d', '12.2(31)SB7', '12.2(33)SB5', '12.2(31)SB1d', '12.2(31)SB6', '12.2(34)SB4b', '12.2(33)SB8', '12.2(31)SB1c', '12.2(31)SB11b', '12.2(31)SB4a', '12.2(31)SB17', '12.2(34)SB3', '12.2(31)SB10b', '12.2(31)SB13', '12.2(31)SB1', '12.2(34)SB4', '12.2(31)SB9', '12.2(31)SB16', '12.2(31)SB12', '12.2(31)SB10a', '12.2(31)SB20', '12.2(33)SB6a', '12.2(34)SB4a', '12.2(31)SB5a', '12.2(33)SB8c', '12.2(31)SB8a', '12.2(31)SB3c', '12.2(33)SB1a', '12.2(31)SB1e', '12.2(33)SB2', '12.2(31)SB1f', '12.2(31)SB8', '12.2(31)SB12a', '12.2(31)SB3', '12.2(31)SB10e', '12.2(31)SB18', '12.2(33)SB8d', '12.2(31)SB2', '12.2(31)SB14', '12.2(31)SB3a', '12.2(31)SB19', '12.2(34)SB4c', '12.2(33)SB6b', '12.2(34)SB1', '12.2(33)SB', '12.2(33)SB1b', '12.2(33)SB7', '12.2(33)SB1', '12.2(33)SB4', '12.2(33)SB8f', '12.2(33)SB11', '12.2(31)SB21', '12.2(33)SB12', '12.2(33)SB8g', '12.2(33)SB13', '12.2(33)SB14', '12.2(33)SB15', '12.2(33)SB16', '12.2(33)SB17', '12.2(33)SB8a', '12.2(33)SRA', '12.2(33)SRA6', '12.2(33)SRA7', '12.2(33)SRA2', '12.2(33)SRA3', '12.2(33)SRA1', '12.2(33)SRA4', '12.2(33)SRA5', '12.2(31)ZV', '12.2(31)ZV0i', '12.2(31)ZV0f', '12.2(31)ZV2', '12.2(31)ZV1b', '12.2(31)ZV0a', '12.2(31)ZV0h', '12.2(31)ZV2a', '12.2(31)ZV1c', '12.2(31)ZV0j', '12.2(31)ZV0c', '12.2(31)ZV1a', '12.2(31)ZV0g', '12.2(31)ZV0d', '12.2(31)ZV0e', '12.2(31)ZV0b', '12.2(31)ZV2b', '12.2(33)ZW', '12.4(4)XC', '12.4(4)XC1', '12.4(4)XC5', '12.4(4)XC7', '12.4(4)XC3', '12.4(4)XC4', '12.4(4)XC2', '12.4(4)XC6', '12.4(4)XD', '12.4(4)XD4', '12.4(4)XD10', '12.4(4)XD6', '12.4(4)XD12', '12.4(4)XD2', '12.4(4)XD8', '12.4(4)XD11', '12.4(4)XD1', '12.4(4)XD5', '12.4(4)XD7', '12.4(4)XD3', '12.4(4)XD9', '12.4(6)XE', '12.4(6)XE2', '12.4(6)XE1', '12.2(25)SEF', '12.2(25)SEF1', '12.2(25)SEF2', '12.2(25)SEF3', '12.2(25)SEE', '12.2(25)SEE1', '12.2(25)SEE3', '12.2(25)SEE4', '12.2(25)SEE2', '12.2(25)SED', '12.2(25)SED1', '12.3(11)YZ1', '12.3(11)YZ', '12.3(11)YZ2', '12.4(11)SW', '12.4(15)SW6', '12.4(15)SW', '12.4(11)SW1', '12.4(15)SW5', '12.4(15)SW1', '12.4(15)SW4', '12.4(11)SW3', '12.4(11)SW2', '12.4(15)SW3', '12.4(15)SW2', '12.4(15)SW7', '12.4(15)SW8', '12.4(15)SW8a', '12.4(15)SW9', '12.4(9)XG', '12.4(9)XG3', '12.4(9)XG5', '12.4(9)XG2', '12.4(9)XG1', '12.4(9)XG4', '12.4(11)XJ', '12.4(11)XJ1', '12.4(11)XJ3', '12.4(11)XJ6', '12.4(11)XJ2', '12.4(11)XJ5', '12.4(11)XJ4', '12.4(6)XT', '12.4(6)XT1', '12.4(6)XT2', '12.4(6)XP', '12.2(31)SGA', '12.2(31)SGA3', '12.2(31)SGA2', '12.2(31)SGA10', '12.2(31)SGA5', '12.2(31)SGA4', '12.2(31)SGA11', '12.2(31)SGA6', '12.2(31)SGA1', '12.2(31)SGA7', '12.2(31)SGA8', '12.2(31)SGA9', '12.2(15)ZR', '12.2(25)SEG', '12.2(25)SEG5', '12.2(25)SEG2', '12.2(25)SEG4', '12.2(25)SEG1', '12.2(25)SEG3', '12.2(25)SEG6', '12.3(8)JEA1', '12.3(8)JEA3', '12.3(8)JEA2', '12.4(3g)JA', '12.4(25d)JA', '12.4(21a)JA', '12.4(21a)JA1', '12.4(16b)JA1', '12.4(21a)JA2', '12.4(10b)JA3', '12.4(25d)JA1', '12.4(10b)JA1', '12.4(18a)JA1', '12.4(23c)JA', '12.4(16b)JA', '12.4(3g)JA1', '12.4(13d)JA', '12.4(10b)JA', '12.4(23c)JA2', '12.4(23c)JA3', '12.4(23c)JA4', '12.4(25d)JA2', '12.4(25e)JA', '12.4(23c)JA5', '12.4(25e)JA1', '12.4(23c)JA6', '12.4(23c)JA7', '12.4(23c)JA8', '12.4(23c)JA9', '12.4(23c)JA10', '12.4(11)MD', '12.4(11)MD2', '12.4(24)MD1', '12.4(11)MD1', '12.4(24)MD', '12.4(11)MD10', '12.4(15)MD3', '12.4(24)MD3', '12.4(15)MD2', '12.4(11)MD5', '12.4(24)MD2', '12.4(11)MD9', '12.4(22)MD1', '12.4(15)MD5', '12.4(15)MD4', '12.4(22)MD2', '12.4(11)MD8', '12.4(11)MD7', '12.4(24)MD5', '12.4(15)MD', '12.4(15)MD1', '12.4(11)MD6', '12.4(22)MD', '12.4(11)MD4', '12.4(11)MD3', '12.4(24)MD4', '12.4(24)MD6', '12.4(24)MD7', '12.4(15)MD1a', '12.4(14)XK', '12.4(11)XV', '12.4(11)XV1', '12.4(11)XW', '12.4(11)XW3', '12.4(11)XW7', '12.4(11)XW10', '12.4(11)XW8', '12.4(11)XW9', '12.4(11)XW6', '12.4(11)XW4', '12.4(11)XW1', '12.4(11)XW5', '12.4(11)XW2', '12.2(33)SRB', '12.2(33)SRB4', '12.2(33)SRB5a', '12.2(33)SRB3', '12.2(33)SRB1', '12.2(33)SRB7', '12.2(33)SRB6', '12.2(33)SRB5', '12.2(33)SRB2', '12.3(8)JEB', '12.3(8)JEB1', '12.3(8)JEC3', '12.2(25)FZ', '12.4(15)XF', '12.3(2)JL', '12.3(2)JL3', '12.3(2)JL1', '12.3(2)JL4', '12.3(2)JL2', '12.2(33)SCA2', '12.2(33)SCA1', '12.2(33)SCA', '12.2(33)SRC2', '12.2(33)SRC', '12.2(33)SRC3', '12.2(33)SRC5', '12.2(33)SRC6', '12.2(33)SRC4', '12.2(33)SRC1', '12.2(33)SXH3a', '12.2(33)SXH8a', '12.2(33)SXH3', '12.2(33)SXH4', '12.2(33)SXH7', '12.2(33)SXH', '12.2(33)SXH8', '12.2(33)SXH7v', '12.2(33)SXH2a', '12.2(33)SXH2', '12.2(33)SXH1', '12.2(33)SXH5', '12.2(33)SXH0a', '12.2(33)SXH7w', '12.2(33)SXH6', '12.2(33)SXH8b', '12.4(15)XQ4', '12.4(15)XQ1', '12.4(15)XQ7', '12.4(15)XQ2a', '12.4(15)XQ6', '12.4(15)XQ2', '12.4(15)XQ', '12.4(15)XQ3', '12.4(15)XQ2c', '12.4(15)XQ5', '12.4(15)XQ2b', '12.4(15)XQ8', '12.4(15)XQ2d', '12.4(15)XY4', '12.4(15)XY5', '12.4(15)XY1', '12.4(15)XY', '12.4(15)XY2', '12.4(15)XY3', '12.4(15)XZ', '12.4(15)XZ2', '12.4(15)XZ1', '12.4(15)XL3', '12.4(15)XL1', '12.4(15)XL2', '12.4(15)XL4', '12.4(15)XL5', '12.4(15)XL', '12.3(8)ZA', '12.3(8)ZA1', '12.3(11)ZB', '12.3(11)ZB1', '12.3(11)ZB2', '12.4(15)XM3', '12.4(15)XM1', '12.4(15)XM2', '12.4(15)XM', '12.4(15)XN', '12.4(22)XR5', '12.4(22)XR4', '12.4(15)XR5', '12.4(15)XR2', '12.4(22)XR7', '12.4(15)XR4', '12.4(15)XR1', '12.4(15)XR7', '12.4(22)XR2', '12.4(15)XR9', '12.4(15)XR6', '12.4(15)XR3', '12.4(15)XR', '12.4(22)XR6', '12.4(22)XR10', '12.4(15)XR8', '12.4(22)XR1', '12.4(22)XR9', '12.4(22)XR3', '12.4(22)XR8', '12.4(22)XR11', '12.4(15)XR10', '12.4(22)XR12', '12.2(33)IRA', '12.2(33)IRB', '12.2(33)SCB9', '12.2(33)SCB', '12.2(33)SCB6', '12.2(33)SCB3', '12.2(33)SCB10', '12.2(33)SCB4', '12.2(33)SCB2', '12.2(33)SCB7', '12.2(33)SCB1', '12.2(33)SCB5', '12.2(33)SCB8', '12.2(33)SCB11', '12.2(33)SRD7', '12.2(33)SRD6', '12.2(33)SRD4a', '12.2(33)SRD2a', '12.2(33)SRD4', '12.2(33)SRD5', '12.2(33)SRD3', '12.2(33)SRD2', '12.2(33)SRD1', '12.2(33)SRD', '12.2(33)SRD8', '12.2(33)STE0', '12.2(33)SXI2', '12.2(33)SXI3', '12.2(33)SXI5', '12.2(33)SXI4a', '12.2(33)SXI3a', '12.2(33)SXI4', '12.2(33)SXI2a', '12.2(33)SXI', '12.2(33)SXI3z', '12.2(33)SXI6', '12.2(33)SXI7', '12.2(33)SXI1', '12.2(33)SXI5a', '12.2(33)SXI8', '12.2(33)SXI9', '12.2(33)SXI8a', '12.2(33)SXI10', '12.2(33)SXI9a', '12.2(33)SXI11', '12.2(33)SXI12', '12.2(33)SXI13', '12.2(33)SXI14', '12.2(52)XO', '12.2(54)XO', '12.2(40)XO', '12.4(10b)JDA3', '12.4(10b)JDA', '12.4(10b)JDA2', '12.4(3)JL', '12.4(3)JL2', '12.4(3)JL1', '12.4(3)JK4', '12.4(3)JK1', '12.4(3)JK', '12.4(3)JK3', '12.4(3)JK2', '12.4(3g)JX2', '12.4(10b)JX', '12.4(21a)JX', '12.4(3g)JX1', '12.4(25e)JX', '12.4(10b)JY', '12.4(21a)JY', '12.4(23c)JY', '12.2(44)SQ', '12.2(44)SQ2', '12.2(50)SQ2', '12.2(50)SQ1', '12.2(50)SQ', '12.2(50)SQ3', '12.2(50)SQ4', '12.2(50)SQ5', '12.2(50)SQ6', '12.2(50)SQ7', '12.4(10b)JDC', '12.4(10b)JDD', '12.2(33)IRC', '12.4(24)MDA', '12.4(22)MDA3', '12.4(24)MDA5', '12.4(22)MDA5', '12.4(24)MDA3', '12.4(22)MDA4', '12.4(24)MDA4', '12.4(24)MDA1', '12.4(22)MDA', '12.4(22)MDA2', '12.4(22)MDA1', '12.4(24)MDA2', '12.4(22)MDA6', '12.4(24)MDA6', '12.4(24)MDA7', '12.4(24)MDA8', '12.4(24)MDA10', '12.4(24)MDA9', '12.4(24)MDA11', '12.4(24)MDA12', '12.4(24)MDA13', '12.2(33)SCC', '12.2(33)SCC2', '12.2(33)SCC6', '12.2(33)SCC7', '12.2(33)SCC5', '12.2(33)SCC4', '12.2(33)SCC3', '12.2(33)SCC1', '12.2(33)SCD5', '12.2(33)SCD1', '12.2(33)SCD7', '12.2(33)SCD4', '12.2(33)SCD', '12.2(33)SCD6', '12.2(33)SCD3', '12.2(33)SCD2', '12.2(33)SCD8', '12.3(8)JED1', '12.4(24)YG3', '12.4(24)YG4', '12.4(24)YG1', '12.4(24)YG2', '12.4(24)YG', '15.0(1)M1', '15.0(1)M5', '15.0(1)M4', '15.0(1)M3', '15.0(1)M2', '15.0(1)M6', '15.0(1)M', '15.0(1)M7', '15.0(1)M10', '15.0(1)M9', '15.0(1)M8', '15.0(1)M6a', '15.0(1)XA2', '15.0(1)XA4', '15.0(1)XA1', '15.0(1)XA3', '15.0(1)XA', '15.0(1)XA5', '15.1(2)T', '15.1(1)T4', '15.1(3)T2', '15.1(1)T1', '15.1(2)T0a', '15.1(3)T3', '15.1(1)T3', '15.1(2)T3', '15.1(2)T4', '15.1(1)T2', '15.1(3)T', '15.1(2)T2a', '15.1(3)T1', '15.1(1)T', '15.1(2)T2', '15.1(2)T1', '15.1(2)T5', '15.1(3)T4', '15.1(1)T5', '15.1(1)XB', '15.1(1)XB3', '15.1(1)XB1', '15.1(1)XB2', '15.1(4)XB4', '15.1(4)XB5', '15.1(4)XB6', '15.1(4)XB5a', '15.1(4)XB7', '15.1(4)XB8', '15.1(4)XB8a', '12.2(33)SRE1', '12.2(33)SRE2', '12.2(33)SRE3', '12.2(33)SRE4', '12.2(33)SRE', '12.2(33)SRE0a', '12.2(33)SRE5', '12.2(33)SRE6', '12.2(33)SRE8', '12.2(33)SRE7', '12.2(33)SRE9', '12.2(33)SRE7a', '12.2(33)SRE10', '12.2(33)SRE11', '12.2(33)SRE9a', '12.2(33)SRE12', '12.2(33)SRE13', '12.2(33)SRE14', '12.2(33)SRE15', '12.2(33)SRE15a', '15.0(1)XO1', '15.0(1)XO', '15.0(2)XO', '15.0(1)S2', '15.0(1)S1', '15.0(1)S', '15.0(1)S3a', '15.0(1)S4', '15.0(1)S5', '15.0(1)S4a', '15.0(1)S6', '12.2(33)IRD', '12.2(33)IRE', '12.2(33)IRE2', '12.2(33)IRE1', '12.2(33)MRA', '12.2(33)MRB5', '12.2(33)MRB2', '12.2(33)MRB1', '12.2(33)MRB4', '12.2(33)MRB', '12.2(33)MRB3', '12.2(33)MRB6', '12.4(21a)JHA', '12.4(21a)M1', '12.4(23b)M1', '12.4(5a)M0', '15.2(1)S', '15.2(2)S', '15.2(1)S1', '15.2(4)S', '15.2(1)S2', '15.2(2)S1', '15.2(2)S2', '15.2(2)S0a', '15.2(2)S0c', '15.2(2)S0d', '15.2(4)S1', '15.2(4)S4', '15.2(4)S6', '15.2(4)S2', '15.2(4)S5', '15.2(4)S3', '15.2(4)S0c', '15.2(4)S1c', '15.2(4)S3a', '15.2(4)S4a', '15.2(4)S7', '15.2(4)S8', '15.3(1)T', '15.3(2)T', '15.3(1)T1', '15.3(1)T2', '15.3(1)T3', '15.3(1)T4', '15.3(2)T1', '15.3(2)T2', '15.3(2)T3', '15.3(2)T4', '12.4(10b)JDE', '15.0(1)EY', '15.0(1)EY1', '15.0(1)EY2', '15.0(2)EY', '15.0(2)EY1', '15.0(2)EY2', '15.0(2)EY3', '12.4(20)MRB', '12.4(20)MRB1', '12.3(10a)M0', '12.3(9)M0', '12.3(9)M1', '12.3(8)JEE', '12.2(54)WO', '12.2(33)ZZ', '15.1(2)S', '15.1(1)S', '15.1(1)S1', '15.1(3)S', '15.1(1)S2', '15.1(2)S1', '15.1(2)S2', '15.1(3)S1', '15.1(3)S0a', '15.1(3)S2', '15.1(3)S4', '15.1(3)S3', '15.1(3)S5', '15.1(3)S6', '15.1(3)S5a', '15.1(3)S7', '12.2(15)ZS1', '12.2(15)ZS2', '12.2(15)ZS3', '12.2(15)ZS4', '12.2(15)ZS5', '15.1(4)M3', '15.1(4)M', '15.1(4)M1', '15.1(4)M2', '15.1(4)M6', '15.1(4)M5', '15.1(4)M4', '15.1(4)M0a', '15.1(4)M0b', '15.1(4)M7', '15.1(4)M3a', '15.1(4)M10', '15.1(4)M8', '15.1(4)M9', '15.1(4)M12a', '12.2(33)IRF', '15.0(1)SE', '15.0(2)SE', '15.0(1)SE1', '15.0(1)SE2', '15.0(1)SE3', '15.0(2)SE1', '15.0(2)SE2', '15.0(2)SE3', '15.0(2)SE4', '15.0(2)SE5', '15.0(2)SE6', '15.0(2)SE7', '15.0(2)SE8', '15.0(2)SE9', '15.0(2a)SE9', '15.0(2)SE10', '15.0(2)SE11', '15.0(2)SE10a', '15.0(2)SE12', '15.1(2)GC', '15.1(2)GC1', '15.1(2)GC2', '15.1(4)GC', '15.1(4)GC1', '15.1(4)GC2', '15.0(1)SY', '15.0(1)SY1', '15.0(1)SY2', '15.0(1)SY3', '15.0(1)SY4', '15.0(1)SY5', '15.0(1)SY6', '15.0(1)SY7', '15.0(1)SY8', '15.0(1)SY7a', '15.0(1)SY9', '15.0(1)SY10', '12.2(33)SXJ', '12.2(33)SXJ1', '12.2(33)SXJ2', '12.2(33)SXJ3', '12.2(33)SXJ4', '12.2(33)SXJ5', '12.2(33)SXJ6', '12.2(33)SXJ7', '12.2(33)SXJ8', '12.2(33)SXJ9', '12.2(33)SXJ10', '15.1(1)SG', '15.1(2)SG', '15.1(1)SG1', '15.1(1)SG2', '15.1(2)SG1', '15.1(2)SG2', '15.1(2)SG3', '15.1(2)SG4', '15.1(2)SG5', '15.1(2)SG6', '15.1(2)SG7', '15.1(2)SG8', '15.0(1)MR', '15.0(2)MR', '12.2(33)SCF', '12.2(33)SCF1', '12.2(33)SCF2', '12.2(33)SCF3', '12.2(33)SCF4', '12.2(33)SCF5', '15.2(4)M', '15.2(4)M1', '15.2(4)M2', '15.2(4)M4', '15.2(4)M3', '15.2(4)M5', '15.2(4)M8', '15.2(4)M10', '15.2(4)M7', '15.2(4)M6', '15.2(4)M9', '15.2(4)M6b', '15.2(4)M6a', '15.2(4)M11', '12.2(33)SCE', '12.2(33)SCE1', '12.2(33)SCE2', '12.2(33)SCE3', '12.2(33)SCE4', '12.2(33)SCE5', '12.2(33)SCE6', '15.0(2)SG', '15.0(2)SG1', '15.0(2)SG2', '15.0(2)SG3', '15.0(2)SG4', '15.0(2)SG5', '15.0(2)SG6', '15.0(2)SG7', '15.0(2)SG8', '15.0(2)SG9', '15.0(2)SG10', '15.0(2)SG11', '15.0(2)SG11a', '12.4(24)MDB', '12.4(24)MDB1', '12.4(24)MDB3', '12.4(24)MDB4', '12.4(24)MDB5', '12.4(24)MDB6', '12.4(24)MDB7', '12.4(24)MDB5a', '12.4(24)MDB8', '12.4(24)MDB9', '12.4(24)MDB10', '12.4(24)MDB11', '12.4(24)MDB12', '12.4(24)MDB13', '12.4(24)MDB14', '12.4(24)MDB15', '12.4(24)MDB16', '12.4(24)MDB17', '12.4(24)MDB18', '12.4(24)MDB19', '12.3(11)TO3', '12.2(33)IRG', '12.2(33)IRG1', '12.4(21a)JHC', '15.0(1)EX', '15.0(2)EX', '15.0(2)EX1', '15.0(2)EX2', '15.0(2)EX3', '15.0(2)EX4', '15.0(2)EX5', '15.0(2)EX6', '15.0(2)EX7', '15.0(2)EX8', '15.0(2a)EX5', '15.0(2)EX10', '15.0(2)EX11', '15.0(2)EX13', '15.0(2)EX12', '15.2(1)GC', '15.2(1)GC1', '15.2(1)GC2', '15.2(2)GC', '15.2(3)GC', '15.2(3)GC1', '15.2(4)GC', '15.2(4)GC1', '15.2(4)GC2', '15.2(4)GC3', '12.4(25d)JAX', '12.4(25d)JAX1', '12.4(25e)JAX', '12.4(25e)JAX1', '12.4(25e)JAX2', '12.2(33)SCG', '12.2(33)SCG1', '12.2(33)SCG2', '12.2(33)SCG3', '12.2(33)SCG4', '12.2(33)SCG5', '12.2(33)SCG6', '12.2(33)SCG7', '12.2(33)IRH', '12.2(33)IRH1', '15.1(1)SY', '15.1(1)SY1', '15.1(2)SY', '15.1(2)SY1', '15.1(2)SY2', '15.1(1)SY2', '15.1(1)SY3', '15.1(2)SY3', '15.1(1)SY4', '15.1(2)SY4', '15.1(1)SY5', '15.1(2)SY5', '15.1(2)SY4a', '15.1(1)SY6', '15.1(2)SY6', '15.1(2)SY7', '15.1(2)SY8', '15.1(2)SY9', '15.1(2)SY10', '15.1(2)SY11', '15.1(2)SY12', '15.1(2)SY13', '15.3(1)S', '15.3(2)S', '15.3(3)S', '15.3(1)S2', '15.3(1)S1', '15.3(2)S2', '15.3(2)S1', '15.3(1)S1e', '15.3(3)S1', '15.3(3)S2', '15.3(3)S3', '15.3(3)S6', '15.3(3)S4', '15.3(3)S1a', '15.3(3)S5', '15.3(3)S2a', '15.3(3)S7', '15.3(3)S8', '15.3(3)S6a', '15.3(3)S9', '15.3(3)S10', '15.3(3)S8a', '15.4(1)T', '15.4(2)T', '15.4(1)T2', '15.4(1)T1', '15.4(1)T3', '15.4(2)T1', '15.4(2)T3', '15.4(2)T2', '15.4(1)T4', '15.4(2)T4', '12.4(25e)JAZ', '12.4(25d)JB', '12.2(33)SCH', '12.2(33)SCH1', '12.2(33)SCH2', '12.2(33)SCH0a', '12.2(33)SCH3', '12.2(33)SCH2a', '12.2(33)SCH4', '12.2(33)SCH5', '12.2(33)SCH6', '12.4(25e)JAL', '12.4(25e)JAL1', '12.4(25e)JAL2', '12.4(25e)JAL1a', '12.4(25e)JAM', '12.4(25e)JAM2', '12.4(25e)JAM3', '12.4(25e)JAM4', '12.4(25e)JAM5', '12.4(25e)JAM6', '15.2(1)E', '15.2(2)E', '15.2(1)E1', '15.2(3)E', '15.2(1)E2', '15.2(1)E3', '15.2(2)E1', '15.2(2b)E', '15.2(4)E', '15.2(3)E1', '15.2(2)E2', '15.2(2a)E1', '15.2(2)E3', '15.2(2a)E2', '15.2(3)E2', '15.2(3a)E', '15.2(3)E3', '15.2(3m)E2', '15.2(4)E1', '15.2(2)E4', '15.2(2)E5', '15.2(4)E2', '15.2(4m)E1', '15.2(3)E4', '15.2(5)E', '15.2(3m)E7', '15.2(4)E3', '15.2(2)E6', '15.2(5a)E', '15.2(5)E1', '15.2(5b)E', '15.2(4m)E3', '15.2(3m)E8', '15.2(2)E5a', '15.2(5c)E', '15.2(3)E5', '15.2(2)E5b', '15.2(4n)E2', '15.2(4o)E2', '15.2(5a)E1', '15.2(4)E4', '15.2(2)E7', '15.2(5)E2', '15.2(4p)E1', '15.2(6)E', '15.2(5)E2b', '15.2(4)E5', '15.2(5)E2c', '15.2(2)E8', '15.2(4m)E2', '15.2(4o)E3', '15.2(4q)E1', '15.2(6)E0a', '15.2(6)E1', '15.2(2)E7b', '15.2(4)E5a', '15.2(6)E0c', '15.2(4)E6', '15.2(6)E2', '15.2(2)E9', '15.2(6)E1a', '15.2(4)E7', '15.2(6)E1s', '15.2(4s)E1', '15.2(2)E9a', '15.2(6)E2a', '15.2(6)E2b', '15.2(4s)E2', '15.1(3)MRA', '15.1(3)MRA1', '15.1(3)MRA2', '15.1(3)MRA3', '15.1(3)MRA4', '15.1(3)SVB1', '15.1(3)SVB2', '15.2(2)JB1', '15.2(2)JB', '15.2(2)JB2', '15.2(4)JB', '15.2(2)JB3', '15.2(4)JB1', '15.2(4)JB2', '15.2(4)JB3', '15.2(4)JB3a', '15.2(2)JB4', '15.2(4)JB4', '15.2(4)JB3h', '15.2(4)JB3b', '15.2(4)JB3s', '15.2(4)JB5h', '15.2(4)JB5', '15.2(4)JB5m', '15.2(4)JB6', '15.2(2)JB5', '15.2(2)JB6', '15.4(1)S', '15.4(2)S', '15.4(3)S', '15.4(1)S1', '15.4(1)S2', '15.4(2)S1', '15.4(1)S3', '15.4(3)S1', '15.4(2)S2', '15.4(3)S2', '15.4(3)S3', '15.4(1)S4', '15.4(2)S3', '15.4(2)S4', '15.4(3)S0d', '15.4(3)S4', '15.4(3)S0e', '15.4(3)S5', '15.4(3)S0f', '15.4(3)S6', '15.4(3)S7', '15.4(3)S6a', '15.4(3)S8', '15.4(3)S9', '15.4(3)S10', '15.2(2)JAX', '15.2(2)JAX1', '15.3(3)M', '15.3(3)M1', '15.3(3)M2', '15.3(3)M3', '15.3(3)M5', '15.3(3)M4', '15.3(3)M6', '15.3(3)M7', '15.3(3)M8', '15.3(3)M9', '15.3(3)M10', '15.3(3)M8a', '15.2(2)JN1', '15.2(2)JN2', '15.2(4)JN', '15.0(2)EZ', '15.2(1)SC1a', '15.2(2)SC', '15.2(2)SC1', '15.2(2)SC3', '15.2(2)SC4', '12.4(24)YS', '12.4(24)YS1', '12.4(24)YS2', '12.4(24)YS3', '12.4(24)YS4', '12.4(24)YS5', '12.4(24)YS6', '12.4(24)YS7', '12.4(24)YS8', '12.4(24)YS8a', '12.4(24)YS9', '12.4(24)YS10', '15.1(3)SVD', '15.1(3)SVD1', '15.1(3)SVD2', '15.1(3)SVD3', '15.2(1)EY', '15.0(2)EJ', '15.0(2)EJ1', '15.2(1)SY', '15.2(1)SY1', '15.2(1)SY0a', '15.2(1)SY2', '15.2(2)SY', '15.2(1)SY1a', '15.2(2)SY1', '15.2(2)SY2', '15.2(1)SY3', '15.2(1)SY4', '15.2(2)SY3', '15.2(1)SY5', '15.2(1)SY6', '15.2(1)SY7', '15.2(5)EX', '15.1(3)SVF', '15.1(3)SVF1', '15.1(3)SVF2', '15.1(3)SVF2a', '15.1(3)SVF4b', '15.1(3)SVF4d', '15.1(3)SVF4e', '15.1(3)SVF4f', '15.1(3)SVF4c', '15.1(3)SVE', '15.4(3)M', '15.4(3)M1', '15.4(3)M2', '15.4(3)M3', '15.4(3)M4', '15.4(3)M5', '15.4(3)M6', '15.4(3)M7', '15.4(3)M6a', '15.4(3)M7a', '15.4(3)M8', '15.4(3)M9', '15.4(3)M10', '15.2(1)SD1', '15.2(1)SD2', '15.2(1)SD3', '15.2(1)SD4', '15.2(1)SD6', '15.2(1)SD6a', '15.2(1)SD7', '15.2(1)SD8', '12.4(25e)JAO', '12.4(25e)JAO1', '12.4(25e)JAO2', '12.4(25e)JAO3', '12.4(25e)JAO4', '12.4(25e)JAO5', '12.4(25e)JAO6', '12.4(25e)JAO5m', '12.4(25e)JAO7', '15.2(4)JAZ', '15.2(4)JAZ1', '15.0(2)EK', '15.0(2)EK1', '15.3(3)XB12', '15.4(1)CG', '15.4(1)CG1', '15.4(2)CG', '15.5(1)S', '15.5(2)S', '15.5(1)S1', '15.5(3)S', '15.5(1)S2', '15.5(1)S3', '15.5(2)S1', '15.5(2)S2', '15.5(3)S1', '15.5(3)S1a', '15.5(2)S3', '15.5(3)S2', '15.5(3)S0a', '15.5(3)S3', '15.5(1)S4', '15.5(2)S4', '15.5(3)S4', '15.5(3)S5', '15.5(3)S6', '15.5(3)S6a', '15.5(3)S7', '15.5(3)S6b', '15.5(3)S8', '15.5(3)S9', '15.1(3)SVG', '15.1(3)SVG2', '15.1(3)SVG3', '15.1(3)SVG1b', '15.1(3)SVG1c', '15.1(3)SVG3a', '15.1(3)SVG3b', '15.1(3)SVG3c', '15.1(3)SVG2a', '15.1(3)SVG1a', '15.2(2)EB', '15.2(2)EB1', '15.2(2)EB2', '15.5(1)T', '15.5(1)T1', '15.5(2)T', '15.5(1)T2', '15.5(1)T3', '15.5(2)T1', '15.5(2)T2', '15.5(2)T3', '15.5(2)T4', '15.5(1)T4', '15.2(2)EA', '15.2(2)EA1', '15.2(2)EA2', '15.2(3)EA', '15.2(4)EA', '15.2(4)EA1', '15.2(2)EA3', '15.2(4)EA3', '15.2(5)EA', '15.2(4)EA4', '15.2(4)EA2', '15.2(4)EA5', '15.2(4)EA6', '15.2(4)EA7', '15.2(4)EA8', '15.4(2)SN', '15.4(2)SN1', '15.4(3)SN1', '15.4(3)SN1a', '15.3(3)JN', '15.3(3)JN1', '15.3(3)JN2', '15.3(3)JN3', '15.3(3)JN4', '15.3(3)JN6', '15.3(3)JN7', '15.3(3)JN8', '15.3(3)JN9', '15.3(3)JN11', '15.3(3)JN13', '15.3(3)JN14', '15.3(3)JN15', '15.1(3)SVH', '15.1(3)SVH2', '15.1(3)SVH4', '15.1(3)SVH4a', '15.5(3)M', '15.5(3)M1', '15.5(3)M0a', '15.5(3)M2', '15.5(3)M2a', '15.5(3)M3', '15.5(3)M4', '15.5(3)M4a', '15.5(3)M5', '15.5(3)M4b', '15.5(3)M4c', '15.5(3)M6', '15.5(3)M5a', '15.5(3)M7', '15.5(3)M6a', '15.5(3)M8', '12.2(33)SCI', '12.2(33)SCI1', '12.2(33)SCI1a', '12.2(33)SCI2', '12.2(33)SCI3', '12.2(33)SCI2a', '12.4(25e)JAP', '12.4(25e)JAP1', '12.4(25e)JAP1m', '12.4(25e)JAP2', '12.4(25e)JAP26', '12.4(25e)JAP4', '12.4(25e)JAP5', '12.4(25e)JAP6', '12.4(25e)JAP1n', '12.4(25e)JAP7', '12.4(25e)JAP8', '12.4(25e)JAP10', '12.4(25e)JAP11', '12.4(25e)JAP12', '15.3(3)JA', '15.3(3)JA1n', '15.3(3)JA1m', '15.3(3)JA1', '15.3(3)JA2', '15.3(3)JA3', '15.3(3)JA4', '15.3(3)JA5', '15.3(3)JA6', '15.3(3)JA7', '15.3(3)JA8', '15.3(3)JA10', '15.3(3)JA11', '15.3(3)JA12', '15.3(3)JAA', '15.3(3)JAA11', '15.3(3)JAA1', '15.3(3)JAA12', '15.3(3)JAB', '15.3(3)JB', '15.5(1)SN', '15.5(1)SN1', '15.5(2)SN', '15.5(3)SN0a', '15.5(3)SN', '15.0(2)SQD', '15.0(2)SQD1', '15.0(2)SQD2', '15.0(2)SQD3', '15.0(2)SQD4', '15.0(2)SQD5', '15.0(2)SQD6', '15.0(2)SQD7', '15.0(2)SQD8', '15.6(1)S', '15.6(2)S', '15.6(2)S1', '15.6(1)S1', '15.6(1)S2', '15.6(2)S2', '15.6(1)S3', '15.6(2)S3', '15.6(1)S4', '15.6(2)S4', '15.1(3)SVI2', '15.1(3)SVI1a', '15.1(3)SVI2a', '15.1(3)SVI3', '15.1(3)SVI31a', '15.1(3)SVI31b', '15.1(3)SVI3b', '15.1(3)SVI3c', '15.6(1)T', '15.6(2)T', '15.6(1)T0a', '15.6(1)T1', '15.6(2)T1', '15.6(1)T2', '15.6(2)T0a', '15.6(2)T2', '15.6(1)T3', '15.6(2)T3', '15.3(3)JNB', '15.3(3)JNB1', '15.3(3)JNB2', '15.3(3)JNB3', '15.3(3)JNB4', '15.3(3)JNB6', '15.3(3)JNB5', '15.3(3)JAX', '15.3(3)JAX1', '15.3(3)JAX2', '15.3(3)JBB', '15.3(3)JBB1', '15.3(3)JBB2', '15.3(3)JBB4', '15.3(3)JBB5', '15.3(3)JBB6', '15.3(3)JBB8', '15.3(3)JBB6a', '15.3(3)JC', '15.3(3)JC1', '15.3(3)JC2', '15.3(3)JC3', '15.3(3)JC4', '15.3(3)JC5', '15.3(3)JC6', '15.3(3)JC8', '15.3(3)JC9', '15.3(3)JC14', '15.3(1)SY', '15.3(0)SY', '15.3(1)SY1', '15.3(1)SY2', '15.3(3)JNC', '15.3(3)JNC1', '15.3(3)JNC2', '15.3(3)JNC3', '15.3(3)JNC4', '12.2(33)SCJ', '12.2(33)SCJ1a', '12.2(33)SCJ2', '12.2(33)SCJ2a', '12.2(33)SCJ2b', '12.2(33)SCJ2c', '12.2(33)SCJ3', '12.2(33)SCJ4', '15.3(3)JNP', '15.3(3)JNP1', '15.3(3)JNP3', '15.5(2)XB', '15.6(2)SP', '15.6(2)SP1', '15.6(2)SP2', '15.6(2)SP3', '15.6(2)SP4', '15.6(2)SP3b', '15.6(2)SP5', '15.6(2)SP6', '15.6(1)SN', '15.6(1)SN1', '15.6(2)SN', '15.6(1)SN2', '15.6(1)SN3', '15.6(3)SN', '15.6(4)SN', '15.6(5)SN', '15.6(6)SN', '15.6(7)SN', '15.6(7)SN1', '15.3(3)JPB', '15.3(3)JPB1', '15.3(3)JD', '15.3(3)JD2', '15.3(3)JD3', '15.3(3)JD4', '15.3(3)JD5', '15.3(3)JD6', '15.3(3)JD7', '15.3(3)JD8', '15.3(3)JD9', '15.3(3)JD11', '15.3(3)JD12', '15.3(3)JD13', '15.3(3)JD14', '15.3(3)JD15', '15.3(3)JD16', '15.3(3)JD17', '15.6(3)M', '15.6(3)M1', '15.6(3)M0a', '15.6(3)M1a', '15.6(3)M1b', '15.6(3)M2', '15.6(3)M2a', '15.6(3)M3', '15.6(3)M3a', '15.6(3)M4', '15.6(3)M5', '15.1(3)SVJ', '15.1(3)SVJ2', '15.2(4)EC1', '15.2(4)EC2', '15.3(3)JPC', '15.3(3)JPC1', '15.3(3)JPC2', '15.3(3)JPC3', '15.3(3)JPC5', '15.3(3)JND', '15.3(3)JND1', '15.3(3)JND2', '15.3(3)JND3', '15.4(1)SY', '15.4(1)SY1', '15.4(1)SY2', '15.4(1)SY3', '15.4(1)SY4', '15.3(3)JE', '15.3(3)JPD', '15.3(3)JDA7', '15.3(3)JDA8', '15.3(3)JDA9', '15.3(3)JDA11', '15.3(3)JDA12', '15.3(3)JDA13', '15.3(3)JDA14', '15.3(3)JDA15', '15.3(3)JDA16', '15.3(3)JDA17', '15.5(1)SY', '15.5(1)SY1', '15.5(1)SY2', '15.3(3)JF', '15.3(3)JF1', '15.3(3)JF2', '15.3(3)JF4', '15.3(3)JF5', '15.3(3)JF6', '15.3(3)JF7', '15.3(3)JF8', '15.3(3)JCA7', '15.3(3)JCA8', '15.3(3)JCA9', '15.7(3)M', '15.7(3)M1', '15.7(3)M0a', '15.7(3)M3', '15.7(3)M2', '15.3(3)JG', '15.3(3)JG1', '15.3(3)JH', '15.3(3)JH1', '15.3(3)JI', '15.3(3)JI1', '15.8(3)M', '12.2(6)I1', '15.3(3)JJ', '15.1(3)SVR' ); workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']); workaround_params = make_list(); reporting = make_array( 'port' , 0, 'severity' , SECURITY_WARNING, 'version' , product_info['version'], 'bug_id' , 'CSCvf36258' ); cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);NASL family CISCO NASL id CISCO-SA-20190925-HTTP-CLIENT-IOSXE.NASL description According to its self-reported version, IOS XE Software is affected by a vulnerability in the HTTP client feature that allows an unauthenticated, remote attacker to read and modify data that should normally be sent via an encrypted channel. This vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker can exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been set through an encrypted channel. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-09 modified 2019-10-10 plugin id 129779 published 2019-10-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129779 title Cisco IOS XE Software HTTP Client Information Disclosure Vulnerability (cisco-sa-20190925-http-client) code #TRUSTED 27c28858639e5f1b142febb2e3591fb6671df0cb0f6281d7afd1cd12fa6230d250daac9c619c70b7869fcd215a929c0f5229ab34e0b1f8f02e9213dac8b0776d8505e24093ec9556db30325f38b5763c4a7e2f0d72192c0fd17bc3aa0899333495b344946857e2e4c49e3d210f6d30a6f49580243ee6e85cacaea1c2cae9a162d32b7c8d18251f1e3c192a60fb4c57569e153b1fba5e18f1e1481264d8f628d8ba2472dd5265ac089fc35a3179e6d91eb0989c225f6d494889e8f0a59326998a5a08570303c9fc1fa50f694abcf6136b53fb0c63694b82949fdcbd3cceb5e3c137987cf1775ab5a1741f75cfdf4ad8e387e2e3ddbb14763517d5664a6ee49a0c4076e3a3fe4ad4bb99a06b9ed54a05349fc6c382afd33f025eba783afe207b2f02b80f43fdc033e80d6b708629b0140604fd5bf510749b0c474edcc3364021ed9393cc9022443ce0544780ba03881e25e210dee3fb22b08d41ec9e1f1d81a0b21c915256c7789965a403daf0950512f30342d05f2a025e231f12eb1c84af1dc01b2d2b803b4106a5fec84320b63c2c3640ae96692cd4a1de02a4ec7f93ff8a0bbee081329a28ef64d41400d1eab640da9556d1669c8a012ea944613a34a46ece031d20c6c08653464a74040384685edeae3b94a94cfbb502009a42c7bf6a11758b82229eee805e38a945bf0d9928e9e46b3819fbda818fc4334b064c1ad8ae8c # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(129779); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/08"); script_cve_id("CVE-2019-12665"); script_xref(name:"CISCO-BUG-ID", value:"CSCvf36258"); script_xref(name:"CISCO-SA", value:"cisco-sa-20190925-http-client"); script_xref(name:"IAVA", value:"2019-A-0352-S"); script_name(english:"Cisco IOS XE Software HTTP Client Information Disclosure Vulnerability (cisco-sa-20190925-http-client)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch"); script_set_attribute(attribute:"description", value: "According to its self-reported version, IOS XE Software is affected by a vulnerability in the HTTP client feature that allows an unauthenticated, remote attacker to read and modify data that should normally be sent via an encrypted channel. This vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker can exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been set through an encrypted channel. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-http-client script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e0771c9"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf36258"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvf36258"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12665"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(399); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_ios_xe_version.nasl"); script_require_keys("Host/Cisco/IOS-XE/Version"); exit(0); } include('audit.inc'); include('cisco_workarounds.inc'); include('ccf.inc'); product_info = cisco::get_product_info(name:'Cisco IOS XE Software'); version_list=make_list( '3.2.0SG', '3.2.1SG', '3.2.2SG', '3.2.3SG', '3.2.4SG', '3.2.5SG', '3.2.6SG', '3.2.7SG', '3.2.8SG', '3.2.9SG', '3.2.10SG', '3.2.11SG', '3.7.0S', '3.7.1S', '3.7.2S', '3.7.3S', '3.7.4S', '3.7.5S', '3.7.6S', '3.7.7S', '3.7.8S', '3.7.4aS', '3.7.2tS', '3.7.0bS', '3.7.1aS', '3.3.0SG', '3.3.2SG', '3.3.1SG', '3.8.0S', '3.8.1S', '3.8.2S', '3.9.1S', '3.9.0S', '3.9.2S', '3.9.1aS', '3.9.0aS', '3.2.0SE', '3.2.1SE', '3.2.2SE', '3.2.3SE', '3.3.0SE', '3.3.1SE', '3.3.2SE', '3.3.3SE', '3.3.4SE', '3.3.5SE', '3.3.0XO', '3.3.1XO', '3.3.2XO', '3.4.0SG', '3.4.2SG', '3.4.1SG', '3.4.3SG', '3.4.4SG', '3.4.5SG', '3.4.6SG', '3.4.7SG', '3.4.8SG', '3.5.0E', '3.5.1E', '3.5.2E', '3.5.3E', '3.10.0S', '3.10.1S', '3.10.2S', '3.10.3S', '3.10.4S', '3.10.5S', '3.10.6S', '3.10.2aS', '3.10.2tS', '3.10.7S', '3.10.8S', '3.10.8aS', '3.10.9S', '3.10.10S', '3.11.1S', '3.11.2S', '3.11.0S', '3.11.3S', '3.11.4S', '3.12.0S', '3.12.1S', '3.12.2S', '3.12.3S', '3.12.0aS', '3.12.4S', '3.13.0S', '3.13.1S', '3.13.2S', '3.13.3S', '3.13.4S', '3.13.5S', '3.13.2aS', '3.13.0aS', '3.13.5aS', '3.13.6S', '3.13.7S', '3.13.6aS', '3.13.6bS', '3.13.7aS', '3.13.8S', '3.13.9S', '3.13.10S', '3.6.0E', '3.6.1E', '3.6.0aE', '3.6.0bE', '3.6.2aE', '3.6.2E', '3.6.3E', '3.6.4E', '3.6.5E', '3.6.6E', '3.6.5aE', '3.6.5bE', '3.6.7E', '3.6.8E', '3.6.7aE', '3.6.7bE', '3.6.9E', '3.6.9aE', '3.14.0S', '3.14.1S', '3.14.2S', '3.14.3S', '3.14.4S', '3.15.0S', '3.15.1S', '3.15.2S', '3.15.1cS', '3.15.3S', '3.15.4S', '3.3.0SQ', '3.3.1SQ', '3.4.0SQ', '3.4.1SQ', '3.7.0E', '3.7.1E', '3.7.2E', '3.7.3E', '3.7.4E', '3.7.5E', '3.5.0SQ', '3.5.1SQ', '3.5.2SQ', '3.5.3SQ', '3.5.4SQ', '3.5.5SQ', '3.5.6SQ', '3.5.7SQ', '3.5.8SQ', '3.16.0S', '3.16.1S', '3.16.0aS', '3.16.1aS', '3.16.2S', '3.16.2aS', '3.16.0bS', '3.16.0cS', '3.16.3S', '3.16.2bS', '3.16.3aS', '3.16.4S', '3.16.4aS', '3.16.4bS', '3.16.4gS', '3.16.5S', '3.16.4cS', '3.16.4dS', '3.16.4eS', '3.16.6S', '3.16.5aS', '3.16.5bS', '3.16.7S', '3.16.6bS', '3.16.7aS', '3.16.7bS', '3.16.8S', '3.16.9S', '3.17.0S', '3.17.1S', '3.17.2S', '3.17.1aS', '3.17.3S', '3.17.4S', '16.1.1', '16.1.2', '16.1.3', '3.2.0JA', '16.2.1', '16.2.2', '3.8.0E', '3.8.1E', '3.8.2E', '3.8.3E', '3.8.4E', '3.8.5E', '3.8.5aE', '3.8.6E', '3.8.7E', '16.3.1', '16.3.2', '16.3.3', '16.3.1a', '16.3.4', '16.3.5', '16.3.5b', '16.3.6', '16.3.7', '16.4.1', '16.4.2', '16.4.3', '16.5.1', '16.5.1a', '16.5.1b', '16.5.2', '16.5.3', '3.18.0aS', '3.18.0S', '3.18.1S', '3.18.2S', '3.18.3S', '3.18.4S', '3.18.0SP', '3.18.1SP', '3.18.1aSP', '3.18.1gSP', '3.18.1bSP', '3.18.1cSP', '3.18.2SP', '3.18.1hSP', '3.18.2aSP', '3.18.1iSP', '3.18.3SP', '3.18.4SP', '3.18.3aSP', '3.18.3bSP', '3.18.5SP', '3.18.6SP', '3.9.0E', '3.9.1E', '3.9.2E', '3.9.2bE', '16.6.1', '16.6.2', '16.6.3', '16.6.4', '16.6.4s', '16.7.1', '16.7.1a', '16.7.1b', '16.7.2', '16.9.3h', '3.10.0E', '3.10.1E', '3.10.0cE', '3.10.2E', '3.10.1aE', '3.10.1sE' ); workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']); workaround_params = make_list(); reporting = make_array( 'port' , 0, 'severity' , SECURITY_WARNING, 'version' , product_info['version'], 'bug_id' , 'CSCvf36258' ); cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);