Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by multiple vulnerabilities as follows:
Monthly Archives: October 2011
WatchGuard Protects Apple Users
Provides Seamless and Highly Secure Data Encryption Tunneling for Apple iPhone, iPad and other iOS Devices to WatchGuard Next-Generation Firewalls
Directory Traversal Vulnerability in Cisco Network Admission Control Manager
Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information.
Multiple Vulnerabilities in Cisco Firewall Services Module
The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by the following vulnerabilities:
Advisory: mod_proxy reverse proxy exposure (CVE-2011-3368)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache HTTP Server Security Advisory ==================================== Title: mod_proxy reverse proxy exposure CVE: CVE-2011-3368 Date: 20111005 Product: Apache HTTP Server Versions: httpd 1.3 all versions, httpd 2.x all versions Description: ============ An exposure was reported affecting the use of Apache HTTP Server in reverse proxy mode. We would like to thank Context Information Security Ltd for reporting this issue to us. When using the RewriteRule or ProxyPassMatch directives to configure a reverse proxy using a pattern match, it is possible to inadvertently expose internal servers to remote users who send carefully crafted requests. The server did not validate that the input to the pattern match was a valid path string, so a pattern could expand to an unintended target URL. For future releases of the Apache HTTP Server, the software will validate the request URI, correcting this specific vulnerability. The documentation has been updated to reflect the more general risks with pattern matching in a reverse proxy configuration. Details: ======== A configuration like one of the following examples: RewriteRule (.*).(jpg|gif|png) http://images.example.com$1.$2 [P] ProxyPassMatch (.*).(jpg|gif|png) http://images.example.com$1.$2 could result in an exposure of internal servers. A request of the form: GET @other.example.com/something.png HTTP/1.1 would get translated to a target of: http://[email protected]/something.png This will cause the proxy to connect to the hostname "other.example.com", as the "images.example.com@" segment would be treated as user credentials when parsing the URL. This would allow a remote attacker the ability to proxy to hosts other than those expected, which could be a security exposure in some circumstances. The request-URI string in this example, "@other.example.com/something.png", is not valid according to the HTTP specification, since it neither an absolute URI ("http://example.com/path") nor an absolute path ("/path"). For future releases, the server has been patched to reject such requests, instead returning a "400 Bad Request" error. Actions: ======== Apache HTTPD users should examine their configuration files to determine if they have used an insecure configuration for reverse proxying. Affected users can update their configuration, or apply the patch from: http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/ For example, the above RewriteRule could be changed to: RewriteRule /(.*).(jpg|gif|png) http://images.example.com/$1.$2 [P] to ensure the pattern only matches against paths with a leading "/". -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6MZZAACgkQR/aWnQ5EzwxdfQCg0yX+OplatMPQcweRneRmh5Xp 5sEAoLooi9H4LW12oPgStNbY2wtyQrYP =8qjg -----END PGP SIGNATURE-----
CVE-2011-3368
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. (CVSS:5.0) (Last Update:2013-10-10)
Cisco Identity Services Engine Database Default Credentials Vulnerability
Cisco Identity Services Engine (ISE) contains a set of default credentials for its underlying database. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device.