CVE-2008-3812
published 2008-09-26CVE-2008-3812: Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial…
high7.1CVSS 3.1
AVNACMAuNCNINAC
Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
| cisco | ios | — | — |
Cisco
Cisco IOS Software Firewall Application Inspection Control Vulnerability
vendor_cisco·2008-09-24·CVSS 7.8
CVE-2008-3812 [HIGH] CWE-399 Cisco IOS Software Firewall Application Inspection Control Vulnerability
Cisco IOS Software Firewall Application Inspection Control Vulnerability
Cisco IOS software configured for IOS firewall Application Inspection
Control (AIC) with a HTTP configured application-specific policy are vulnerable
to a Denial of Service when processing a specific malformed HTTP transit
packet. Successful exploitation of the vulnerability may result in a reload of
the affected device.
Cisco has released software updates that address this vulnerability.
A mitigation for this vulnerability is available. See the "Workarounds"
section for details.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080924-iosfw.
Note: The September 24, 2008 IOS Advisory bundled publication includes
twelve Security Advisories. Eleven of
Cisco
Cisco IOS Software Firewall Application Inspection Control Vulnerability
vendor_cisco
CVE-2008-3812 Cisco IOS Software Firewall Application Inspection Control Vulnerability
CVE-2008-3812: Cisco IOS Software Firewall Application Inspection Control Vulnerability
Cisco IOS software configured for IOS firewall Application Inspection Control (AIC) with a HTTP configured application-specific policy are vulnerable to a Denial of Service when processing a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in a reload of the affected device. Cisco has released software updates that address this vulnerability. A mitigation for this vulnerability is available. See the "
CWE: CWE-399, CWE-399
Bug IDs: CSCsh12480, CSCsh12480
GHSA
GHSA-h94v-hj96-5w55: Cisco IOS 12
ghsa_unreviewed·2022-05-02
CVE-2008-3812 [HIGH] CWE-20 GHSA-h94v-hj96-5w55: Cisco IOS 12
Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/31990http://tools.cisco.com/security/center/viewAlert.x?alertId=16661http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01545.shtmlhttp://www.securityfocus.com/bid/31354http://www.securitytracker.com/id?1020929http://www.vupen.com/english/advisories/2008/2670https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5302http://secunia.com/advisories/31990http://tools.cisco.com/security/center/viewAlert.x?alertId=16661http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01545.shtmlhttp://www.securityfocus.com/bid/31354http://www.securitytracker.com/id?1020929http://www.vupen.com/english/advisories/2008/2670https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5302
2008-09-26
Published