CVE List

Id  CVE No.  Status  Description  Phase  Votes  Comments
221  CVE-1999-0222  Candidate  Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL.  Proposed (19990714)  ACCEPT(1) Baker | MODIFY(3) Frech, Levy, Shostack | NOOP(3) Balinsky, Northcutt, Wall | RECAST(1) Ziese | REJECT(1) Christey  Shostack> I follow cisco announcements and problems pretty closely, and haven't | seen this. Source? | Frech> XF:cisco-web-crash | Christey> XF:cisco-web-crash has no additional references. I can't find | any references in Bugtraq or Cisco either. This bug is | supposedly tested by at least one security product, but that | product's database doesn't have any references either. So | a question becomes, how did it make it into at least two | security companies' databases? | Levy> BUGTRAQ: http://www.securityfocus.com/archive/1/60159 | BID 1154 | Ziese> The vulnerability is addressed by a vendor acknowledgement. This one, if | recast to reflect that "...after using a long url..." should be replaced | with | "...A defect in multiple releases of Cisco IOS software will cause a Cisco | router or switch to halt and reload if the IOS HTTP service is enabled, | browsing to "http://router-ip/anytext?/" is attempted, and the enable | password is supplied when requested. This defect can be exploited to produce | a denial of service (DoS) attack." | Then I can accept this and mark it as "Verified by my Company". If it can't | be recast because this (long uri) is different than our release (special | url construction). | CHANGE> [Christey changed vote from REVIEWING to REJECT] | Christey> Elias Levy's suggested reference is CVE-2000-0380. | I don't think that Kevin's description is really addressing | this either. The lack of references and a specific | description make this candidate unusable, so it should be | rejected.
393  CVE-1999-0394  Candidate  DPEC Online Courseware allows an attacker to change another user's password without knowing the original password.  Proposed (19990728)  ACCEPT(1) Baker | NOOP(1) Christey | REJECT(1) Frech  Frech> If I understand the issue, this HIGHCARD involves insecure web programming. | If I don't understand, mark this as my first NOOP. | Christey> CONFIRM:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D19990803132618.16407.qmail%40securityfocus.com | ADDREF BID:565 | URL:http://www.securityfocus.com/vdb/bottom.html?vid=565
618  CVE-1999-0636  Candidate  The discard service is running.  Proposed (19990804)  ACCEPT(1) Baker | NOOP(1) Wall | REJECT(1) Northcutt
620  CVE-1999-0638  Candidate  The daytime service is running.  Proposed (19990804)  ACCEPT(1) Baker | NOOP(1) Wall | REJECT(1) Northcutt
631  CVE-1999-0649  Candidate  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FSP service is running."  Modified (20080731)  ACCEPT(1) Baker | NOOP(1) Wall | REJECT(1) Northcutt
