Tools:

Vulns:

  • HTTP Server DoS
  • Cisco ISO HTTP Server Command Injection Vulnerability
    • From the description of the vulnerability, it doesn’t sound like command injection. It sounds like the web server doesn’t properly sanitize the logs when viewing them. If there was html or javascript code in the logs, it would render them.
    • Offical Cisco Advisory cisco-sa-20051201-http – cisco.com

Other News: