The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to perform a soft reset on affected devices.
The Cisco Content Service Switch (CSS) products include support for the session and application layers. This additional functionality allows a CSS device to make packet switching decisions based on packet contents (such as HTML tags) rather than relying solely upon packet header information.
The CSS 11000 series switch contains a vulnerability that causes the device to perform a soft reset when XML data is sent to its web management interface.
This vulnerability allows remote attackers to reboot affected devices, creating a denial-of-service condition.
Apply a patch from Cisco
Prevent access to the web management interface
This document was written by Jeffrey P. Lanza based on information provided by Cisco Systems.
|Date First Published:||2002-05-22|
|Date Last Updated:||2002-05-30 14:37 UTC|