ID

VAR-200308-0163


CVE

CVE-2003-0647


TITLE

Cisco IOS HTTP Server vulnerable to buffer overflow when processing overly large malformed HTTP GET request

Trust: 0.8

sources: CERT/CC: VU#579324

DESCRIPTION

Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. IOS is prone to a remote security vulnerability. Cisco IOS is a very widely deployed network operating system. Many Cisco devices run IOS. The HTTP service program of the Cisco IOS device does not properly handle large data requests. Remote attackers can use this vulnerability to perform buffer overflow attacks on the service, and may run arbitrary commands on the device with system privileges.

Trust: 1.98

sources: NVD: CVE-2003-0647 // CERT/CC: VU#579324 // BID: 82775 // VULHUB: VHN-7475

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: lte, version: 12.2

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.2

Trust: 0.9

vendor: cisco, model: -, scope: -, version: -

Trust: 0.8

sources: CERT/CC: VU#579324 // BID: 82775 // CNNVD: CNNVD-200308-123 // NVD: CVE-2003-0647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0647
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#579324
value: 15.82

Trust: 0.8

CNNVD: CNNVD-200308-123
value: HIGH

Trust: 0.6

VULHUB: VHN-7475
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-0647
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7475
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#579324 // VULHUB: VHN-7475 // CNNVD: CNNVD-200308-123 // NVD: CVE-2003-0647

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0647

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200308-123

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200308-123

EXTERNAL IDS

db: CERT/CC, id: VU#579324

Trust: 2.8

db: NVD, id: CVE-2003-0647

Trust: 2.0

db: SECUNIA, id: 9397

Trust: 0.8

db: SECTRACK, id: 1007342

Trust: 0.8

db: CNNVD, id: CNNVD-200308-123

Trust: 0.7

db: CISCO, id: 20030731 SENDING 2GB DATA IN GET REQUEST CAUSES BUFFER OVERFLOW IN CISCO IOS SOFTWARE

Trust: 0.6

db: BID, id: 82775

Trust: 0.4

db: SEEBUG, id: SSVID-15253

Trust: 0.1

db: VULHUB, id: VHN-7475

Trust: 0.1

sources: CERT/CC: VU#579324 // VULHUB: VHN-7475 // BID: 82775 // CNNVD: CNNVD-200308-123 // NVD: CVE-2003-0647

REFERENCES

url: http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml

Trust: 2.8

url: http://www.kb.cert.org/vuls/id/579324

Trust: 2.0

url: http://www.cisco.com/en/us/products/sw/iosswrel/ps1831/products_tech_note09186a00801a97e1.shtml

Trust: 0.8

url: http://www.secunia.com/advisories/9397/

Trust: 0.8

url: http://securitytracker.com/alerts/2003/jul/1007342.html

Trust: 0.8

sources: CERT/CC: VU#579324 // VULHUB: VHN-7475 // BID: 82775 // CNNVD: CNNVD-200308-123 // NVD: CVE-2003-0647

CREDITS

FX fx@phenoelit.de

Trust: 0.6

sources: CNNVD: CNNVD-200308-123

SOURCES

db: CERT/CC, id: VU#579324
db: VULHUB, id: VHN-7475
db: BID, id: 82775
db: CNNVD, id: CNNVD-200308-123
db: NVD, id: CVE-2003-0647

LAST UPDATE DATE

2025-04-03T22:25:18.366000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#579324, date: 2003-08-11T00:00:00
db: VULHUB, id: VHN-7475, date: 2008-09-10T00:00:00
db: BID, id: 82775, date: 2003-08-27T00:00:00
db: CNNVD, id: CNNVD-200308-123, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2003-0647, date: 2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db: CERT/CC, id: VU#579324, date: 2003-07-31T00:00:00
db: VULHUB, id: VHN-7475, date: 2003-08-27T00:00:00
db: BID, id: 82775, date: 2003-08-27T00:00:00
db: CNNVD, id: CNNVD-200308-123, date: 2003-07-31T00:00:00
db: NVD, id: CVE-2003-0647, date: 2003-08-27T04:00:00