Cisco ios xr Software lighttpd TCP session Denial of Service Vulnerability
Release date:
Updated on:
Affected Systems:
Cisco IOS XR
Description:
Bugtraq id: 71287
CVE (CAN) ID: CVE-2014-8005
Cisco IOS is an interconnected network operating system used on most Cisco system routers and network switches.
The lighttpd module of Cisco ios xr Software has a race condition vulnerability in TCP session processing. unauthenticated remote attackers can exploit this vulnerability to overload the lighttpd process.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8005
*>
Suggestion:
Vendor patch:
Cisco
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8005
This article permanently updates the link address: