Description
Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.
Affected products
- Cisco / asa_55007.0 – 7.0
- Cisco / asa_55007.1 – 7.1
- Cisco / firewall_services_module2.3 – 2.3
- Cisco / firewall_services_module3.1 – 3.1
- Cisco / pix_firewall_software7.0 – 7.0
- Cisco / pix_firewall_software7.1 – 7.1
References
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/0608
- VENDOR_ADVISORYhttp://secunia.com/advisories/24180
- VENDOR_ADVISORYhttp://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml
- MISChttp://securitytracker.com/id?1017651
- MISChttp://www.securityfocus.com/bid/22561
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/32486
- MISChttp://osvdb.org/33055
- MISChttp://www.securityfocus.com/bid/22562
- VENDOR_ADVISORYhttp://secunia.com/advisories/24160
- VENDOR_ADVISORYhttp://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml
- MISChttp://www.securitytracker.com/id?1017652