Vulnerable Products:
This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS Software or IOS XE Software Release 3E and they have the HTTP Server feature enabled with an active WEB_EXEC module.
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.
Determine the HTTP Server Configuration
To determine whether a device that is running a vulnerable software release is using a vulnerable configuration, use the following steps.
Step 1. Determine Whether the HTTP Server Is Enabled
To determine whether the HTTP Server feature is enabled on a device, log in to the device and use the show running-config | include ip http server|secure command in the CLI to check for the presence of the ip http server command or the ip http secure-server command in the global configuration. If either command is present, the HTTP Server feature is enabled for the device.
The following example shows the output of the show running-config | include ip http server|secure command for a device that has the HTTP Server feature enabled:
Router# show running-config | include ip http server|secure|active
ip http server
ip http secure-server
Note: The presence of either command or both commands in the device configuration indicates that the web UI feature is enabled.
If the command returns output, proceed to Step 2. If the output is empty, the device is not affected by this vulnerability.
Step 2. Determine Whether WEB_EXEC Module Is Active
To determine whether a device uses the WEB_EXEC module, use the show ip http server session-module | include Status|WEB_EXEC command in the CLI.
If the output in Step 1 included ip http server, check the value of Status in the command output. If Status is Active, the device is affected by this vulnerability over HTTP.
If the output in Step 1 included ip http secure-server, check the value of Secure-status in the...
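The two checks above can be run offline against saved CLI output. The following is an added example, not part of the Cisco advisory: the function names and both sample outputs are constructed, the WEB_EXEC row is assumed to read name, handle, Status, Secure-status in that order, and the HTTPS branch assumes the rule cut off above mirrors the HTTP one. It only evaluates configuration; whether the release itself is vulnerable is a separate check.

```python
# Constructed sample of: show running-config | include ip http server|secure
CONFIG_SAMPLE = """\
ip http server
ip http secure-server
"""

# Constructed sample of: show ip http server session-module | include Status|WEB_EXEC
# Assumed column order for the row: name, handle, Status, Secure-status, description.
MODULES_SAMPLE = """\
 Session module Name  Handle Status   Secure-status  Description
WEB_EXEC              2      Active   Inactive       HTTP based IOS EXEC Server
"""


def http_listeners(running_config):
    """Step 1: return the set of enabled listeners ('http', 'https')."""
    enabled = set()
    for line in running_config.splitlines():
        line = line.strip()
        # Exact match: the include filter also returns negated lines such as
        # "no ip http server" and any other line that contains "secure".
        if line == "ip http server":
            enabled.add("http")
        elif line == "ip http secure-server":
            enabled.add("https")
    return enabled


def web_exec_state(session_modules):
    """Step 2: return WEB_EXEC Status (http) and Secure-status (https)."""
    for line in session_modules.splitlines():
        tokens = line.split()
        if len(tokens) >= 4 and tokens[0] == "WEB_EXEC":
            return {"http": tokens[2], "https": tokens[3]}
    return {}  # no WEB_EXEC row in the output


def affected_transports(running_config, session_modules):
    """Combine both steps: transports that are enabled AND have WEB_EXEC Active."""
    listeners = http_listeners(running_config)
    if not listeners:
        return []  # Step 1 output empty: not affected
    state = web_exec_state(session_modules)
    # HTTPS rule is an assumption (the advisory text is truncated on this page).
    return sorted(t for t in listeners if state.get(t) == "Active")


if __name__ == "__main__":
    print(affected_transports(CONFIG_SAMPLE, MODULES_SAMPLE))
```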
CVSS: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)