cbcvebase.
CVE-2000-0984
published 2000-12-19

CVE-2000-0984: The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

Priority: P2 · 64 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 3.92% (89.0th percentile)

Affected

24 ranges
Vendor | Product | Version range | Fixed in
cisco | ios | |

Detection & IOCs (extracted from sources)

url: http://target/anytext?/
  • Look for HTTP requests to Cisco IOS HTTP server where the URL path contains the literal string '?/' — this triggers an infinite loop leading to a watchdog-timer crash and reload.
  • The attack requires the enable password to be absent, known, or easily guessable — exploitation is gated by authentication to the IOS HTTP server.
  • The Cisco IOS HTTP server is only enabled by default on Cisco 1003, 1004, and 1005 routers; on all other affected platforms it must be explicitly enabled.
  • In certain cases the device will not automatically reload after the crash, requiring a manual restart to restore functionality.

CVSS provenance

nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P
vulncheck | 5.0 | MEDIUM