Denial of Service Vulnerability in Cisco StarOS on ASR 5000 Devices
CVE-2015-0712

Currently unrated

Key Information:

Vendor: Cisco
Status: Staros
Vendor: CVE Published:; 1 May 2015

Summary

The session-manager service in Cisco StarOS versions 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices is susceptible to a denial of service. Remote attackers can send malformed HTTP packets, which may cause the service to reload, resulting in packet loss and disruption of service. This vulnerability underscores the importance of secure packet handling within network services, and users are advised to follow security practices to mitigate such risks.

References

http://www.securitytracker.com/id/1032219

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
May 1, 2015
Vulnerability Reserved
Jan 7, 2015