ID

VAR-200004-0061


CVE

CVE-2000-0380


TITLE

Cisco IOS software vulnerable to DoS via HTTP request containing "%%"

Trust: 0.8

sources: CERT/CC: VU#24346

DESCRIPTION

The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. There is a denial-of-service vulnerability in several Cisco switch and router products which allows an attacker to force affected devices to crash and reboot. If the router is configured to have a web server running for configuration and other information a user can cause the router to crash. Cisco IOS Is widely run on Cisco The operating system in various network devices of the system. Some routers will restart automatically, while others must manually turn off the power and start up to make the router resume normal operation

Trust: 1.98

sources: NVD: CVE-2000-0380 // CERT/CC: VU#24346 // BID: 1154 // VULHUB: VH-CVE-2000-0380

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:11.2

Trust: 1.9

vendor:ciscomodel:iosscope:eqversion:11.1

Trust: 1.9

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.2\(17\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.2\(4\)f1

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.2\(10\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.2\(8\)p

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.2\(9\)xa

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.2\(10\)bc

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:11.2\(9\)p

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.0

Trust: 1.3

vendor:ciscomodel:iosscope:eqversion:11.3

Trust: 1.3

vendor:ciscomodel:iosscope:eqversion:12.0\(9\)s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)w

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)xe

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xg

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xf

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.2p

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(6\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.3\(1\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(5\)t1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(7\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.3\(1\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(8\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.3\(1\)ed

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0db

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(5\)

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)xa3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(1\)xb

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(4\)s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(3\)t2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:11.3t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xc

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0t

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0\(2\)xd

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0s

Trust: 1.0

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:12.0.7

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.6

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.5

Trust: 0.3

vendor:ciscomodel:ios tscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:ios sscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.4

Trust: 0.3

vendor:ciscomodel:ios t2scope:eqversion:12.0.3

Trust: 0.3

vendor:ciscomodel:ios xgscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xfscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xdscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xcscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0.2

Trust: 0.3

vendor:ciscomodel:ios xescope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios xbscope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios xa3scope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios wscope:eqversion:12.0.1

Trust: 0.3

vendor:ciscomodel:ios tscope:eqversion:11.3.1

Trust: 0.3

vendor:ciscomodel:ios edscope:eqversion:11.3.1

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.3.1

Trust: 0.3

vendor:ciscomodel:ios bcscope:eqversion:11.2.10

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.2.10

Trust: 0.3

vendor:ciscomodel:ios xascope:eqversion:11.2.9

Trust: 0.3

vendor:ciscomodel:ios pscope:eqversion:11.2.9

Trust: 0.3

vendor:ciscomodel:ios pscope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.2.8

Trust: 0.3

vendor:ciscomodel:ios f1scope:eqversion:11.2.4

Trust: 0.3

vendor:ciscomodel:ios 12.0tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0sscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0dbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0 sscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:12.0(8)

Trust: 0.3

vendor:ciscomodel:ios 12.0 tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.0 t1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.3tscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 11.2pscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.2(17)

Trust: 0.3

vendor:ciscomodel:ios sa1scope:neversion:11.2.8

Trust: 0.3

vendor:ciscomodel:ios 12.1 t1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:ios 12.1 tscope:neversion: -

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:11.0

Trust: 0.3

sources: CERT/CC: VU#24346 // BID: 1154 // CNNVD: CNNVD-200004-074 // NVD: CVE-2000-0380

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2000-0380
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#24346
value: 11.25

Trust: 0.8

CNNVD: CNNVD-200004-074
value: HIGH

Trust: 0.6

VUL-HUB: VH-CVE-2000-0380
value: HIGH RISK

Trust: 0.1

NVD: CVE-2000-0380
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

VULHUB: VH-CVE-2000-0380
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#24346 // VULHUB: VH-CVE-2000-0380 // CNNVD: CNNVD-200004-074 // NVD: CVE-2000-0380

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VH-CVE-2000-0380 // NVD: CVE-2000-0380

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200004-074

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200004-074

CONFIGURATIONS

sources: NVD: CVE-2000-0380

EXPLOIT AVAILABILITY

sources: VULHUB: VH-CVE-2000-0380

EXTERNAL IDS

db:BIDid:1154

Trust: 2.7

db:NVDid:CVE-2000-0380

Trust: 1.7

db:OSVDBid:1302

Trust: 1.6

db:CERT/CCid:VU#24346

Trust: 0.8

db:CNNVDid:CNNVD-200004-074

Trust: 0.7

db:CISCOid:20000514 CISCO IOS HTTP SERVER VULNERABILITY

Trust: 0.6

db:NSFOCUSid:483

Trust: 0.6

db:BUGTRAQid:20000426 CISCO HTTP POSSIBLE BUG:

Trust: 0.6

db:CNVDid:CNVD-2000-0433

Trust: 0.1

db:VULHUBid:VH-CVE-2000-0380

Trust: 0.1

sources: CERT/CC: VU#24346 // VULHUB: VH-CVE-2000-0380 // BID: 1154 // CNNVD: CNNVD-200004-074 // NVD: CVE-2000-0380

REFERENCES

url:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml

Trust: 2.7

url:http://www.securityfocus.com/bid/1154

Trust: 2.4

url:http://www.osvdb.org/1302

Trust: 1.6

url:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html

Trust: 1.6

url:http://www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml

Trust: 0.8

url:http://www.nsfocus.net/vulndb/483

Trust: 0.6

url:http://www.cisco.com/warp/public/707/sec_incident_response.shtml

Trust: 0.3

sources: CERT/CC: VU#24346 // BID: 1154 // CNNVD: CNNVD-200004-074 // NVD: CVE-2000-0380

CREDITS

Keith Woodworth※ kwoody@citytel.net

Trust: 0.6

sources: CNNVD: CNNVD-200004-074

SOURCES

db:CERT/CCid:VU#24346
db:VULHUBid:VH-CVE-2000-0380
db:BIDid:1154
db:CNNVDid:CNNVD-200004-074
db:NVDid:CVE-2000-0380

LAST UPDATE DATE

2022-05-06T18:08:27.813000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#24346date:2004-03-30T00:00:00
db:VULHUBid:VH-CVE-2000-0380date:2008-09-10T00:00:00
db:BIDid:1154date:2000-04-26T00:00:00
db:CNNVDid:CNNVD-200004-074date:2005-07-27T00:00:00
db:NVDid:CVE-2000-0380date:2008-09-10T04:00:00

SOURCES RELEASE DATE

db:CERT/CCid:VU#24346date:2000-11-09T00:00:00
db:VULHUBid:VH-CVE-2000-0380date:2000-04-26T00:00:00
db:BIDid:1154date:2000-04-26T00:00:00
db:CNNVDid:CNNVD-200004-074date:2000-04-26T00:00:00
db:NVDid:CVE-2000-0380date:2000-04-26T04:00:00