
Protection against Cisco IOS HTTP Server Code Injection Vulnerability

Attack ID: CPAI-2005-159
Publish Date:
Category: Command Injection
Vulnerable Systems: All Cisco products that run Cisco Software versions 11.0 through 12.4 with the HTTP server enabled
Source: Cisco Security Advisory ID: 68322
Description:

A vulnerability exists in Cisco's IOS HTTP server. The Cisco HTTP Server is used to manage Cisco routers via a Web browser. An attacker can submit malicious HTML and script code through several scripts and potentially execute malicious commands against the affected device. Devices with the HTTP service disabled are not affected.
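To see which devices meet both conditions stated above (software version 11.0 through 12.4 and the HTTP server enabled), saved running-configs can be checked offline. This is an added example, not part of the original advisory or any vendor tooling; the sample configurations and host names are constructed, and treating a config with no explicit `ip http server` line as "review" is an assumption, since the default differs between platforms.

```python
import re

# Affected range as stated in the advisory: Cisco software 11.0 through 12.4.
AFFECTED_MIN, AFFECTED_MAX = (11, 0), (12, 4)

def audit_config(text):
    """Classify one saved running-config against the advisory's two conditions."""
    version = None
    http = "unknown"  # no explicit line found: default varies (assumption: review)
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"version (\d+)\.(\d+)", line)
        if m:
            version = (int(m.group(1)), int(m.group(2)))
        elif line == "ip http server":
            http = "enabled"
        elif line == "no ip http server":
            http = "disabled"
    in_range = version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX
    if http == "disabled" or (version is not None and not in_range):
        verdict = "out of scope"   # HTTP service off, or version outside 11.0-12.4
    elif http == "enabled" and in_range:
        verdict = "in scope"       # both advisory conditions are met
    else:
        verdict = "review"         # version or HTTP state could not be determined
    return {"version": version, "http_server": http, "verdict": verdict}

# Constructed sample configurations (not taken from real devices).
SAMPLES = {
    "edge-rtr-1": "version 12.3\nhostname edge-rtr-1\nip http server\n",
    "edge-rtr-2": "version 12.4\nhostname edge-rtr-2\nno ip http server\n",
    "lab-rtr-3": "version 12.2\nhostname lab-rtr-3\n",
}

def audit_all(configs):
    """Return {hostname: verdict} for a mapping of hostname -> config text."""
    return {name: audit_config(cfg)["verdict"] for name, cfg in configs.items()}

if __name__ == "__main__":
    for host, verdict in audit_all(SAMPLES).items():
        print(f"{host}: {verdict}")
```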

Severity:
Details:

Several functions do not properly filter HTML code from user-supplied inputs before displaying the input. An attacker can inject arbitrary code in some of the dynamically generated Web pages or perform cross-site scripting attacks against the target router.

Attack Detection:

Users of VPN-1 NG with Application Intelligence R54, R55 and R55W and users of VPN-1 NGX R60 should update their SmartDefense by clicking Online Update (R55 - Update Now) in the SmartDashboard General window.

Attack Name: HTTP Worm Catcher
Attack Information: Cisco IOS HTTP server code injection vulnerability


Solution:

Users of VPN-1 NG with Application Intelligence R55 & R55W and users of VPN-1 NGX R60 should update their SmartDefense by clicking Online Update (R55 - Update now) in the SmartDashboard General window.

To enable the protection:

Users of R55W and R60:

1. On the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
2. Enable Cisco IOS HTTP Server Code Injection Vulnerability.  

Users of R54, R55:

1. On the SmartDefense tree, click Application Intelligence > Web and enable General HTTP Worm Catcher.
2. Enable Cisco IOS HTTP Server Code Injection Vulnerability.  

Note: This protection may cause connectivity issues.

Industry Reference: CVE-2005-3921
Additional Information:

Infohacking.com

This update also includes:

- Protection against Microsoft COM vulnerability (MS05-054) - CPAI-2005-158
- Protection against Macromedia JRun 4.0 Web Server Buffer Overflow Vulnerability - CPAI-2005-161
- Protection against Microsoft IIS URI Denial of Service - CPAI-2005-160