VAR-200208-0079
Vulnerability from variot - Updated: 2023-12-18 13:45The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. These switches run WebNS software. The attacker does not need to be authenticated to cause this condition to occur. The CSS 11000 series switches are known to be affected by this vulnerability. Since this issue occurs before authentication, any remote attacker without authentication can perform a denial of service attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "webns",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0_1.012s"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0_2.005s"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0_0.038s"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.1_0.0.10"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0_1.053s"
},
{
"model": "content services switch 11000",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.10.0.10"
},
{
"model": "webns 2.005s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "webns 1.012s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "webns 0.038s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "webns 1.053s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "content services switch 11000",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
},
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:4.0_1.053s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:5.0_0.038s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:5.0_1.012s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:5.0_2.005s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:5.1_0.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0792"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Systems Product Security Incident Response Team\u203b psirt@cisco.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0792",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-5183",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0792",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#330275",
"trust": 0.8,
"value": "16.88"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#686939",
"trust": 0.8,
"value": "12.66"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-139",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5183",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "VULHUB",
"id": "VHN-5183"
},
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. These switches run WebNS software. The attacker does not need to be authenticated to cause this condition to occur. \nThe CSS 11000 series switches are known to be affected by this vulnerability. Since this issue occurs before authentication, any remote attacker without authentication can perform a denial of service attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
},
{
"db": "VULHUB",
"id": "VHN-5183"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "4747",
"trust": 2.8
},
{
"db": "BID",
"id": "4748",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#330275",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#686939",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2002-0792",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139",
"trust": 0.7
},
{
"db": "XF",
"id": "9083",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20020515 CONTENT SERVICE SWITCH WEB MANAGEMENT HTTP PROCESSING VULNERABILITIES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5183",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "VULHUB",
"id": "VHN-5183"
},
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
},
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"id": "VAR-200208-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5183"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:45:34.999000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0792"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.cisco.com/warp/public/707/css-http-post-pub.shtml"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/4747"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/4748"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/330275"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/686939"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9083.php"
},
{
"trust": 0.6,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "VULHUB",
"id": "VHN-5183"
},
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
},
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "VULHUB",
"id": "VHN-5183"
},
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
},
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-05-22T00:00:00",
"db": "CERT/CC",
"id": "VU#330275"
},
{
"date": "2002-05-22T00:00:00",
"db": "CERT/CC",
"id": "VU#686939"
},
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5183"
},
{
"date": "2002-05-15T00:00:00",
"db": "BID",
"id": "4747"
},
{
"date": "2002-05-15T00:00:00",
"db": "BID",
"id": "4748"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"date": "2002-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-05-30T00:00:00",
"db": "CERT/CC",
"id": "VU#330275"
},
{
"date": "2002-05-30T00:00:00",
"db": "CERT/CC",
"id": "VU#686939"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5183"
},
{
"date": "2009-07-11T12:46:00",
"db": "BID",
"id": "4747"
},
{
"date": "2009-07-11T12:46:00",
"db": "BID",
"id": "4748"
},
{
"date": "2008-09-05T20:28:57.757000",
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Content Service Switch reboots when HTTPS POST request is sent to web management interface",
"sources": [
{
"db": "CERT/CC",
"id": "VU#330275"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…