FKIE_CVE-2007-0962

Vulnerability from fkie_nvd - Published: 2007-02-16 00:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.
References
cve@mitre.orghttp://osvdb.org/33055
cve@mitre.orghttp://secunia.com/advisories/24160Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/24180Patch, Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1017651Patch
cve@mitre.orghttp://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtmlPatch, Vendor Advisory
cve@mitre.orghttp://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtmlPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/22561
cve@mitre.orghttp://www.securityfocus.com/bid/22562
cve@mitre.orghttp://www.securitytracker.com/id?1017652
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0608
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/32486
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/33055
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24160Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24180Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017651Patch
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22561
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22562
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017652
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0608
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/32486
Impacted products
Vendor Product Version
cisco firewall_services_module 2.3
cisco firewall_services_module 3.1
cisco asa_5500 7.0
cisco asa_5500 7.1
cisco pix_firewall_software 7.0
cisco pix_firewall_software 7.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A8528D-DF6A-4493-A77E-CBF08359F2E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F90E9070-781D-4D3D-98EB-5B6DB9D3C75E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "891B8FA4-B602-42C5-A94F-8C60BBF7A7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "856917BD-179B-4C43-8EA6-034254720B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009CCE4-908C-4830-B0E0-7B4CB33280F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "640CDC78-22D3-4E60-8D36-F088D8DB27DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic."
    },
    {
      "lang": "es",
      "value": "Cisco PIX 500 y ASA 5500 Series Security Appliances 7.x versiones anteriores a 7.0(4.14), 7.1 versiones anteriores a 7.1(2.1), y el FWSM 2.x versiones anteriores a 2.3(4.12) y 3.x versiones anteriores a 3.1(3.24), cuando \"inspect http\" est\u00e1 habilitado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de dispositivo) mediante tr\u00e1fico HTTP mal-formado."
    }
  ],
  "id": "CVE-2007-0962",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-02-16T00:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33055"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24160"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24180"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017651"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22561"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22562"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017652"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0608"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.