National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/h:cisco:content_services_switch_11000:-
There are 9 matching records.
Vuln ID Summary CVSS Severity
CVE-2007-4654

Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.

Published: September 04, 2007; 06:17:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2006-4352

The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information.

Published: August 25, 2006; 06:04:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

Published: May 31, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-0352

Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.

Published: November 23, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2003-1132

The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.

Published: December 31, 2003; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0870

The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549.

Published: September 05, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0792

The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0621

The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0622

The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH