var-200208-0079
Vulnerability from variot
The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. These switches run WebNS software. The attacker does not need to be authenticated to cause this condition to occur. The CSS 11000 series switches are known to be affected by this vulnerability. Since this issue occurs before authentication, any remote attacker without authentication can perform a denial of service attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "webns",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0_1.012s"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0_2.005s"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0_0.038s"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.1_0.0.10"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0_1.053s"
},
{
"model": "content services switch 11000",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.10.0.10"
},
{
"model": "webns 2.005s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "webns 1.012s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "webns 0.038s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "webns 1.053s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "content services switch 11000",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
},
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:4.0_1.053s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:5.0_0.038s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:5.0_1.012s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:5.0_2.005s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:5.1_0.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0792"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Systems Product Security Incident Response Team\u203b psirt@cisco.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0792",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-5183",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0792",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#330275",
"trust": 0.8,
"value": "16.88"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#686939",
"trust": 0.8,
"value": "12.66"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-139",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5183",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "VULHUB",
"id": "VHN-5183"
},
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. These switches run WebNS software. The attacker does not need to be authenticated to cause this condition to occur. \nThe CSS 11000 series switches are known to be affected by this vulnerability. Since this issue occurs before authentication, any remote attacker without authentication can perform a denial of service attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
},
{
"db": "VULHUB",
"id": "VHN-5183"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "4747",
"trust": 2.8
},
{
"db": "BID",
"id": "4748",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#330275",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#686939",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2002-0792",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139",
"trust": 0.7
},
{
"db": "XF",
"id": "9083",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20020515 CONTENT SERVICE SWITCH WEB MANAGEMENT HTTP PROCESSING VULNERABILITIES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5183",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "VULHUB",
"id": "VHN-5183"
},
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
},
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"id": "VAR-200208-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5183"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:45:34.999000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0792"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.cisco.com/warp/public/707/css-http-post-pub.shtml"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/4747"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/4748"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/330275"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/686939"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9083.php"
},
{
"trust": 0.6,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "VULHUB",
"id": "VHN-5183"
},
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
},
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#330275"
},
{
"db": "CERT/CC",
"id": "VU#686939"
},
{
"db": "VULHUB",
"id": "VHN-5183"
},
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
},
{
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-05-22T00:00:00",
"db": "CERT/CC",
"id": "VU#330275"
},
{
"date": "2002-05-22T00:00:00",
"db": "CERT/CC",
"id": "VU#686939"
},
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5183"
},
{
"date": "2002-05-15T00:00:00",
"db": "BID",
"id": "4747"
},
{
"date": "2002-05-15T00:00:00",
"db": "BID",
"id": "4748"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"date": "2002-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-05-30T00:00:00",
"db": "CERT/CC",
"id": "VU#330275"
},
{
"date": "2002-05-30T00:00:00",
"db": "CERT/CC",
"id": "VU#686939"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5183"
},
{
"date": "2009-07-11T12:46:00",
"db": "BID",
"id": "4747"
},
{
"date": "2009-07-11T12:46:00",
"db": "BID",
"id": "4748"
},
{
"date": "2008-09-05T20:28:57.757000",
"db": "NVD",
"id": "CVE-2002-0792"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-139"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Content Service Switch reboots when HTTPS POST request is sent to web management interface",
"sources": [
{
"db": "CERT/CC",
"id": "VU#330275"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "4747"
},
{
"db": "BID",
"id": "4748"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.