VAR-200308-0163
Vulnerability from variot - Updated: 2025-04-03 22:25

Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. IOS is prone to a remote security vulnerability. Cisco IOS is a very widely deployed network operating system. Many Cisco devices run IOS. The HTTP service program of the Cisco IOS device does not properly handle large data requests. Remote attackers can exploit this vulnerability to overflow a buffer in the service, and may run arbitrary commands on the device with system privileges.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200308-0163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "12.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#579324"
},
{
"db": "BID",
"id": "82775"
},
{
"db": "CNNVD",
"id": "CNNVD-200308-123"
},
{
"db": "NVD",
"id": "CVE-2003-0647"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FX fx@phenoelit.de",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200308-123"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0647",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0647",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7475",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0647",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#579324",
"trust": 0.8,
"value": "15.82"
},
{
"author": "CNNVD",
"id": "CNNVD-200308-123",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7475",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#579324"
},
{
"db": "VULHUB",
"id": "VHN-7475"
},
{
"db": "CNNVD",
"id": "CNNVD-200308-123"
},
{
"db": "NVD",
"id": "CVE-2003-0647"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. IOS is prone to a remote security vulnerability. Cisco IOS is a very widely deployed network operating system. Many Cisco devices run IOS. The HTTP service program of the Cisco IOS device does not properly handle large data requests. Remote attackers can use this vulnerability to perform buffer overflow attacks on the service, and may run arbitrary commands on the device with system privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0647"
},
{
"db": "CERT/CC",
"id": "VU#579324"
},
{
"db": "BID",
"id": "82775"
},
{
"db": "VULHUB",
"id": "VHN-7475"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#579324",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2003-0647",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "9397",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1007342",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200308-123",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20030731 SENDING 2GB DATA IN GET REQUEST CAUSES BUFFER OVERFLOW IN CISCO IOS SOFTWARE",
"trust": 0.6
},
{
"db": "BID",
"id": "82775",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-15253",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-7475",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#579324"
},
{
"db": "VULHUB",
"id": "VHN-7475"
},
{
"db": "BID",
"id": "82775"
},
{
"db": "CNNVD",
"id": "CNNVD-200308-123"
},
{
"db": "NVD",
"id": "CVE-2003-0647"
}
]
},
"id": "VAR-200308-0163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7475"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:25:18.366000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0647"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/579324"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/en/us/products/sw/iosswrel/ps1831/products_tech_note09186a00801a97e1.shtml"
},
{
"trust": 0.8,
"url": "http://www.secunia.com/advisories/9397/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2003/jul/1007342.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#579324"
},
{
"db": "VULHUB",
"id": "VHN-7475"
},
{
"db": "BID",
"id": "82775"
},
{
"db": "CNNVD",
"id": "CNNVD-200308-123"
},
{
"db": "NVD",
"id": "CVE-2003-0647"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#579324"
},
{
"db": "VULHUB",
"id": "VHN-7475"
},
{
"db": "BID",
"id": "82775"
},
{
"db": "CNNVD",
"id": "CNNVD-200308-123"
},
{
"db": "NVD",
"id": "CVE-2003-0647"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#579324"
},
{
"date": "2003-08-27T00:00:00",
"db": "VULHUB",
"id": "VHN-7475"
},
{
"date": "2003-08-27T00:00:00",
"db": "BID",
"id": "82775"
},
{
"date": "2003-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200308-123"
},
{
"date": "2003-08-27T04:00:00",
"db": "NVD",
"id": "CVE-2003-0647"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-08-11T00:00:00",
"db": "CERT/CC",
"id": "VU#579324"
},
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-7475"
},
{
"date": "2003-08-27T00:00:00",
"db": "BID",
"id": "82775"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200308-123"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-0647"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200308-123"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS HTTP Server vulnerable to buffer overflow when processing overly large malformed HTTP GET request",
"sources": [
{
"db": "CERT/CC",
"id": "VU#579324"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200308-123"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.