Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Firewall Services Module, PIX, and ASA Malformed HTTP Requests Denial of Service Vulnerability

Cisco-SA-20070214-CVE-2007-0962 · Medium · Published · Updated

Cisco Firewall Services Module, Cisco PIX Security Appliance, and Cisco Adaptive Security Appliance (ASA) contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability exists due to an error within the handling of malformed HTTP requests. An attacker could exploit this vulnerability via a malformed HTTP request to cause the device to reload, resulting in a DoS condition. Cisco confirmed this vulnerability in a security advisory and released updated software.

Enhanced inspection of HTTP requests is not enabled by default on any of the affected products. Normal inspection, which is enabled by using the inspect http command without specifying an HTTP map, will not make a system vulnerable.


Workarounds

Administrators are advised to apply the appropriate patch.

Administrators may wish to disable enhanced inspection of HTTP traffic by removing the line inspect http %appfw% from the configuration, where appfw is the name of an HTTP map. However, this will result in a less granular inspection of HTTP traffic. If this is done, inspect http should be left configured because it will still provide some protection against malicious HTTP requests.
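To find which saved configurations use enhanced inspection, the script below reads configuration text and classifies each active inspect http line as normal (no HTTP map) or enhanced (HTTP map named). It is an added example, not code from Cisco or from this page. The sample configuration, the policy-map and class names, and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the advisory). The policy-map and
# class names are hypothetical; only the two "inspect http" forms come from the
# advisory text.
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect http appfw
policy-map dmz_policy
 class web_traffic
  inspect http
  no inspect http legacy_map
"""

INSPECT_HTTP = re.compile(r"^(no\s+)?inspect\s+http(?:\s+(\S+))?\s*$")


def audit_http_inspection(config_text):
    """Return one finding per active 'inspect http' line.

    mode is "enhanced" when an HTTP map name follows the command (the setup
    the advisory ties to the vulnerability), "normal" when no map is given.
    """
    findings = []
    policy_map = class_name = None
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        words = line.split()
        if not raw[0].isspace():          # top-level command: leave any policy-map
            policy_map = words[-1] if words[0] == "policy-map" else None
            class_name = None
        elif words[0] == "class" and len(words) > 1:
            class_name = words[1]
        match = INSPECT_HTTP.match(line)
        if match and not match.group(1):  # skip negated "no inspect http ..."
            findings.append({"line": lineno, "policy_map": policy_map,
                             "class": class_name, "http_map": match.group(2),
                             "mode": "enhanced" if match.group(2) else "normal"})
    return findings


def enhanced_maps(config_text):
    """Sorted names of HTTP maps referenced by enhanced inspection."""
    return sorted({f["http_map"] for f in audit_http_inspection(config_text)
                   if f["mode"] == "enhanced"})
```

Devices that report an enhanced finding are the ones to patch first or to move to plain inspect http as described above.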

The Cisco Applied Intelligence team has created the following companion document to guide administrators in identifying and mitigating attempts to exploit this vulnerability prior to applying updated software: Identifying and Mitigating Exploitation of Multiple Vulnerabilities in Cisco ASA/PIX/FWSM Firewalls (http://www.cisco.com/warp/public/707/cisco-air-20070214-firewall.shtml)

CVEs: CVE-2007-0962
Cisco Bug IDs: NA
CVSS Score: Base 3.3
Product Names From Source: Cisco Firewall Services Module (FWSM), Cisco PIX/ASA

Related Products

Product | CVE | Evidence
Cisco PIX/ASA | CVE-2007-0962 | Cisco OpenVuln
Cisco Firewall Services Module (FWSM) | CVE-2007-0962 | Cisco OpenVuln