[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability
From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
Date: Wed, 20 Apr 2016 12:01:41 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of 
Service Vulnerability

Advisory ID: cisco-sa-20160420-htrd

Revision 1.0

For Public Release 2016 April 20 16:00  GMT (UTC)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the HTTP URL redirect feature of Cisco Wireless LAN 
Controller (WLC) Software could allow an unauthenticated, remote attacker to 
cause a buffer overflow condition on an affected device, resulting in a denial 
of service (DoS) condition.

The vulnerability is due to improper handling of HTTP traffic by the affected 
software. An attacker could exploit this vulnerability by sending a crafted 
HTTP request to an affected device. A successful exploit could allow the 
attacker to cause a buffer overflow condition on the device, which could allow 
the attacker to cause the device to reload, resulting in a DoS condition, or 
execute arbitrary code on the device.

Cisco has released software updates that address this vulnerability. There are 
no workarounds that address this vulnerability. 

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-htrd
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXF4vuAAoJEK89gD3EAJB52hYQALm85XJaGPUEVNKU5qO5XXgS
DNXebsZBGXOKiR+4Q/meIrsFfDwSclIXmyK6Xwecxg+ye2thqXyj9oOBIK1svXTb
dDb1LixwfvHZGvpjqd38gF6xrzOiGARjuJPlUetWR7IqW1xLiD1Qvx0grf6HFyoC
ASpUSKuBRyUs4rYvJ2HewGwgCDVqKWriTZ1ZuyNFkJeiUWRW8IyASkiirTYkDj+g
+whHTjdZ5ilzD44aAhdWk+Np7GYom4YAjrhrRdW9kxkSvkTDwsKbZJbBLAXGM2AC
GwqxE4Qltw1AbWEJ9w7HXY+SKI0xBhpsm/WBoOfO8kShdT8M0TMxSh8Fga50/C3v
2sZVusZE+3IpqY8CF/1WXYL85sFxNRXhDfae0EiiT1rZSO68zdz48GhuUBllpJT8
AVjupNOg3GWyhFuJzaUlv9sCZT6chwd/J2sRqTNPDelpaMCaLEY5oVeS6noheK1/
VQHAC5DwOer+LR5OmxdG+4ZQbxPSqgFfOxfSxe/pwql3YmWyzFRZQmGkhz05odNH
ywalsvEhMJIcJMl9kF4mBLji1hUg6D6XxpxGNEMpfPimiEAQWvKEb/YkC25YtIeZ
N9kR4sc7e0NIvysq+2UiIDe1QxdBF6SPZl8HnlYvTsVJ2vBKI+x1uN9dvtFXpW0p
fg9E9sebxbEmxJCvhNFi
=v8Ma
-----END PGP SIGNATURE-----

Prev by Date: Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability
Next by Date: Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability
Previous by thread: Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability
Next by thread: Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability
Index(es):
- Date
- Thread