Denial of Service in Cisco VPN 3000 Concentrator by Long URL Manipulation
CVE-2002-1093

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 3000 Concentrator Series Software
Vendor: CVE Published:; 4 October 2002

Summary

The HTML interface for the Cisco VPN 3000 Concentrator in versions 2.x.x and 3.x.x prior to 3.0.3(B) is susceptible to a denial of service attack due to mishandling of excessively long URL requests. This vulnerability allows remote attackers to exploit the system, resulting in high CPU consumption and potential downtime. Organizations using affected versions are advised to apply security best practices and consider upgrading to mitigate this risk.

References

http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/5615

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/10018.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Sep 6, 2002