Cisco Systems AS5200 manual Caveats, Caveat CSCdr91706 and IOS Http Vulnerability

Page 13

Caveats

Caveat CSCdr91706 and IOS HTTP Vulnerability

A defect in multiple releases of Cisco IOS software will cause a Cisco router or switch to halt and reload if the IOS HTTP service is enabled, browsing to http://router-ip/anytext?/ is attempted, and the enable password is supplied when requested. This defect can be exploited to produce a denial of service (DoS) attack.

The vulnerability, identified as Cisco caveat CSCdr91706, affects virtually all mainstream Cisco routers and switches running Cisco IOS software releases 12.0 through 12.1, inclusive. This is not the same defect as CSCdr36952.

The vulnerability has been corrected and Cisco is making fixed releases available for free to replace all affected Cisco IOS releases. Customers are urged to upgrade to releases that are not vulnerable to this defect as shown in detail below.

This vulnerability can only be exploited if the enable password is known or not set.

You are strongly encouraged to read the complete advisory, which is available at

http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml.

Some 40-bit Encryption Images Are Unavailable

Cisco is conducting an internal review of the build and distribution processes associated with its 40-bit Cisco IOS cryptographic products. To provide seamless access to Cisco IOS 40-bit encryption capability, Cisco will provide access to the most current 40-bit encryption images, beginning with Cisco IOS Release 11.2 (12), 11.2(12)P, and 11.3(2). The following 40-bit encryption images will be indefinitely unavailable:

11.2(1)–11.2(11.2)

11.2(2)P–11.2(11.1)P

11.2(1)F–11.2(4)F

11.3(1)

This review is not related to any new or previously unreported bugs. The information gathered in the review will be used to implement new automated development and order processing applications.

Some V.110 Terminal Adapters are Unavailable

The V.110 terminal adapters are not supported in Cisco IOS Release 11.2(12) P through 11.2(15) P.

Caveats

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in the caveats document.

This section only contains open and resolved caveats for the current Cisco IOS maintenance release.

All caveats in Cisco IOS Release 11.2 are also in Cisco IOS Release 11.2 P.

For information on caveats in Cisco IOS Release 11.2 P, see Caveats for Cisco IOS Release 11.2 P located on Cisco.com and the Documentation CD-ROM.

 

 

Release Notes for Cisco AS5200 Universal Access Servers for Cisco IOS Release 11.2 P

 

 

 

 

 

 

 

78-5214-15 Rev. A0

 

 

13

 

 

 

 

 

Page 12 Page 14
Image 13
Page 12 Page 14
Contents Contents System Requirements IntroductionMemory Recommendations Lists the memory recommendations for the Cisco AS5200Determining the Software Version Supported HardwareUpgrading to a New Software Release Isdn PRIGRE Feature Set TablesXNS OSIHdlc IpxwanIS-IS IgrpNhrp OspfTACACS+ RadiusQllc SRB/RSRBAtcp LATCppp CslipNew and Changed Information New Software Features in Cisco IOS Release 11.210 PBundled Modem Code for the Cisco AS5200 Modem Pooling for the Cisco AS5200Web Cache Control Protocol for the Cisco AS5200 Fastboot for the Cisco AS5200Flash Load Helper for the Cisco AS5200 New Features in Cisco IOS Release 11.21 P through 11.22 P New Software Features in Cisco IOS Release 11.25 PChannelized E1 Signaling for the Cisco AS5200 Robbed-Bit Signaling for the Cisco AS5200Dual E1 PRI for the Cisco AS5200 Important NotesCaveat CSCdr91706 and IOS Http Vulnerability CaveatsSome 40-bit Encryption Images Are Unavailable Some V.110 Terminal Adapters are UnavailableRelease-Specific Documents Related DocumentationOn the Documentation CD-ROM, click on this path Caveats for Cisco IOS Release 11.2 P On Cisco.comPlatform-Specific Documents Feature ModulesCisco IOS Release 11.2 Documentation Set Contents Feature NavigatorCisco IOS Software Documentation Set Documentation ModulesISO Clns World Wide Web Documentation CD-ROM Obtaining DocumentationOrdering Documentation Obtaining Technical AssistanceDocumentation Feedback Cisco.comTo access Cisco.com, go to the following website Contacting TAC by Using the Cisco TAC WebsiteTechnical Assistance Center Contacting TAC by TelephoneObtaining Technical Assistance Obtaining Technical Assistance
Top Page Image Contents