Overview
A vulnerability in Cisco ACNS RealServer RealSubscriber may allow a remote attacker to cause a denial of service on an affected device via malformed IP packets.
Description
Cisco Application and Content Networking System (ACNS) is an integrated caching and content-delivery platform. ACNS 5.1 includes RealServer as an optional component. RealSubscriber is RealServer configured for subscriber-only mode. RealSubscriber is disabled by default. Specially crafted packets may cause RealSubscriber to consume 100% of the CPU of an affected device. A reboot of the device is required to recover. |
Impact
A remote, unauthenticated attacker could cause a denial-of-service condition on an affected system. |
Solution
Apply a patch or upgrade Please refer to the "Software Versions and Fixes" section of the Cisco Security Advisory for more information on upgrading. |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.cisco.com/warp/public/707/cisco-sa-20050224-acnsdos.shtml
- http://www.cisco.com/univercd/cc/td/doc/product/webscale/uce/acns51/deploy51/51stream.htm#wp1039106
- http://secunia.com/advisories/14395/
- http://securitytracker.com/alerts/2005/Feb/1013286.html
- http://xforce.iss.net/xforce/xfdb/19469
- http://osvdb.org/displayvuln.php?osvdb_id=14122
Acknowledgements
This vulnerability was reported by the Cisco Systems Product Security Incident Response Team (PSIRT).
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2005-0598 |
| Severity Metric: | 3.47 |
| Date Public: | 2005-02-24 |
| Date First Published: | 2005-03-10 |
| Date Last Updated: | 2005-03-10 22:00 UTC |
| Document Revision: | 7 |