Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 12/22/2014 9:55:32 AM

CVE Publication rate: 19.83

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 8.23
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Cyber Awareness System

Vulnerability Summary for CVE-2013-1100

Original release date: 02/13/2013
Last revised: 02/14/2013
Source: US-CERT/NIST

Overview

The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.4 (MEDIUM) (AV:N/AC:H/Au:N/C:N/I:N/A:C) (legend)
Impact Subscore: 6.9
Exploitability Subscore: 4.9
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: High
Authentication: Not required to exploit
Impact Type: Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CISCO
Name: 20130130 Cisco IOS Software HTTP Server Denial of Service Vulnerability

Vulnerable software and versions

+ Configuration 1
+ AND
+ OR
* cpe:/o:cisco:ios:-
+ OR
cpe:/h:cisco:catalyst_2820
cpe:/h:cisco:catalyst_2820:9.0_0.07
cpe:/h:cisco:catalyst_2900:lre_xl
cpe:/h:cisco:catalyst_2900:xl
cpe:/h:cisco:catalyst_3750g
cpe:/h:cisco:catalyst_2901
cpe:/h:cisco:catalyst_2902
cpe:/h:cisco:catalyst_2920
cpe:/h:cisco:catalyst_2926
cpe:/h:cisco:catalyst_2926f
cpe:/h:cisco:catalyst_2926gl
cpe:/h:cisco:catalyst_2926gs
cpe:/h:cisco:catalyst_2926t
cpe:/h:cisco:catalyst_2940
cpe:/h:cisco:catalyst_2948-ge-tx
cpe:/h:cisco:catalyst_2980g
cpe:/h:cisco:catalyst_3560-x
cpe:/h:cisco:catalyst_2970
cpe:/h:cisco:catalyst_6503-e:-
cpe:/h:cisco:catalyst_2955
cpe:/h:cisco:catalyst_3750-x
cpe:/h:cisco:catalyst_6504-e:-
cpe:/h:cisco:catalyst_2950_lre
cpe:/h:cisco:catalyst_3560-e
cpe:/h:cisco:catalyst_6506-e:-
cpe:/h:cisco:catalyst_6509-v-e:-
cpe:/h:cisco:catalyst_3200
cpe:/h:cisco:catalyst_3750-e
cpe:/h:cisco:catalyst_6509-neb-a:-
cpe:/h:cisco:catalyst_3000
cpe:/h:cisco:catalyst_6509-e:-
cpe:/h:cisco:catalyst_2980g-a
cpe:/h:cisco:catalyst_3560
cpe:/h:cisco:catalyst_3500_xl
cpe:/h:cisco:catalyst_3900
cpe:/h:cisco:catalyst_3750_metro
cpe:/h:cisco:catalyst_6000_ws-x6380-nam:3.1%281a%29
cpe:/h:cisco:catalyst_5505
cpe:/h:cisco:catalyst_5509
cpe:/h:cisco:catalyst_6000_ws-x6380-nam:2.1%282%29
cpe:/h:cisco:catalyst_6000_ws-svc-nam-1:2.2%281a%29
cpe:/h:cisco:catalyst_6000_ws-svc-nam-2:2.2%281a%29
cpe:/h:cisco:catalyst_6000_ws-svc-nam-1:3.1%281a%29
cpe:/h:cisco:catalyst_6000_ws-svc-nam-2:3.1%281a%29
cpe:/h:cisco:catalyst_6000
cpe:/h:cisco:catalyst_6500_ws-x6380-nam:3.1%281a%29
cpe:/h:cisco:catalyst_6500
cpe:/h:cisco:catalyst_6500_ws-svc-nam-1:3.1%281a%29
cpe:/h:cisco:catalyst_4908g-l3
cpe:/h:cisco:catalyst_6500_ws-svc-nam-2:3.1%281a%29
cpe:/h:cisco:catalyst_4912g
cpe:/h:cisco:catalyst_6500_ws-svc-nam-1:2.2%281a%29
cpe:/h:cisco:catalyst_5000
cpe:/h:cisco:catalyst_6500_ws-svc-nam-2:2.2%281a%29
cpe:/h:cisco:catalyst_5500
cpe:/h:cisco:catalyst_7600_ws-svc-nam-1:2.2%281a%29
cpe:/h:cisco:catalyst_7600_ws-svc-nam-2:2.2%281a%29
cpe:/h:cisco:catalyst_6624
cpe:/h:cisco:catalyst_7600_ws-x6380-nam:2.1%282%29
cpe:/h:cisco:catalyst_7600
cpe:/h:cisco:catalyst_8500
cpe:/h:cisco:catalyst_6608
cpe:/h:cisco:catalyst_2950
cpe:/h:cisco:catalyst_3500xl
cpe:/h:cisco:catalyst_3500
cpe:/h:cisco:catalyst_2948
cpe:/h:cisco:catalyst_2900xl
cpe:/h:cisco:catalyst_2948g-l3
cpe:/h:cisco:catalyst_2948g
cpe:/h:cisco:catalyst_6500_ws-x6380-nam:2.1%282%29
cpe:/h:cisco:catalyst_4506
cpe:/h:cisco:catalyst_4503
cpe:/h:cisco:catalyst_4510r
cpe:/h:cisco:catalyst_4507r
cpe:/h:cisco:catalyst_3750
cpe:/h:cisco:catalyst_3550
cpe:/h:cisco:catalyst_6513:-
cpe:/h:cisco:catalyst_4500
cpe:/h:cisco:catalyst_6513-e:-
cpe:/h:cisco:catalyst_4000
cpe:/h:cisco:catalyst_2900
cpe:/h:cisco:catalyst_2900_vlan
cpe:/h:cisco:catalyst_4840g
cpe:/h:cisco:catalyst_4948
cpe:/h:cisco:catalyst_8510msr
cpe:/h:cisco:catalyst_8510csr
cpe:/h:cisco:catalyst_7600_ws-svc-nam-2:3.1%281a%29
cpe:/h:cisco:catalyst_4232-13
cpe:/h:cisco:catalyst_7600_ws-svc-nam-1:3.1%281a%29
cpe:/h:cisco:catalyst_7600_ws-x6380-nam:3.1%281a%29
cpe:/h:cisco:catalyst_ws-c2924-xl
cpe:/h:cisco:catalyst_4200
cpe:/h:cisco:catalyst_4224
cpe:/h:cisco:catalyst_4232
cpe:/h:cisco:catalyst_8540msr
cpe:/h:cisco:catalyst_8540csr

* Denotes Vulnerable Software
Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)
  • Resource Management Errors (CWE-399)