cvelistv5 - cve-2000-0984

CVE-2000-0984 (GCVE-0-2000-0984)

Vulnerability from cvelistv5

Published

2001-01-22 05:00

Modified

2024-08-08 05:37

Severity ?

CWE

Summary

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2000-0984

Vulnerability from fkie_nvd

Published

2000-12-19 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

References

URL	Tags
cve@mitre.org	http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/1838	Exploit, Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/5412
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/1838	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/5412

Impacted products

Vendor	Product	Version
cisco	ios	12.0t
cisco	ios	12.0w5
cisco	ios	12.0xa
cisco	ios	12.0xe
cisco	ios	12.0xh
cisco	ios	12.0xj
cisco	ios	12.1aa
cisco	ios	12.1da
cisco	ios	12.1db
cisco	ios	12.1dc
cisco	ios	12.1ec
cisco	ios	12.1t
cisco	ios	12.1xa
cisco	ios	12.1xb
cisco	ios	12.1xc
cisco	ios	12.1xd
cisco	ios	12.1xe
cisco	ios	12.1xf
cisco	ios	12.1xg
cisco	ios	12.1xh
cisco	ios	12.1xi
cisco	ios	12.1xj
cisco	ios	12.1xl
cisco	ios	12.1xp

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA7F94E8-86FC-456B-A7BB-57953F67F754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0w5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A92DCEF-C205-4145-91B0-DB9991130457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xa:*:*:*:*:*:*:*",
              "matchCriteriaId": "1050ACB3-E5B2-4710-910B-F3DF4B49907F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xe:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADAB898-7728-4C14-B69A-7B8B06AFC894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xh:*:*:*:*:*:*:*",
              "matchCriteriaId": "54424787-34AC-410D-985F-511ADB2BB144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.0xj:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6A0D017-F26F-4429-891E-C7E1C66B6588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1aa:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6FFE33-2891-48E5-9D0C-C52F88B2D76C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1da:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9427851-B0DC-4CE6-8BFA-60619D1DC87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1db:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D07DD94-0925-4FEE-9565-5F36B9AAF448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1dc:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3A67F5-05C6-4097-A88E-0A0F165C12EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "46FF39C5-CC37-4573-BB18-36254D38509B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
              "matchCriteriaId": "752C3C6B-910D-4153-A162-DF255F60306B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xa:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BBE2FF-5DAE-447A-9C3D-3F48B24AECA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xb:*:*:*:*:*:*:*",
              "matchCriteriaId": "297FAD97-60C0-473D-A18D-03657B81B7E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xc:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD4A33B-B13E-40C6-B47F-A406ACC6664F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xd:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E488E6E-87F0-4292-B97B-31087FDB4655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xe:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D199CB1-A2A3-4678-9503-C5B61281755C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xf:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5D743DF-838A-4E7A-A4FC-BB5EB7D93CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xg:*:*:*:*:*:*:*",
              "matchCriteriaId": "19952DC6-1186-4754-BB1E-BA1D78A19C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xh:*:*:*:*:*:*:*",
              "matchCriteriaId": "441CB9D6-5EDB-457B-B59E-D48B01AEAF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xi:*:*:*:*:*:*:*",
              "matchCriteriaId": "28097F62-B51F-4A3B-BB31-6FA67E8C8B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xj:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E8AF76-0A1D-4BAE-BF10-D63080352E6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xl:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B674647-4438-4450-9DCA-25184D4E2682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "71FB7128-CF11-4903-97D7-418403A03CD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a \"?/\" string."
    }
  ],
  "id": "CVE-2000-0984",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-12-19T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1838"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5412"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string. A vulnerability exists in multiple versions of Cisco's Internetworking Operating System (IOS) software that allows an attacker to force affected switches and routers to crash and reboot. The device will enter an infinite loop when supplied with a URL containing a "?/" and an enable password. Subsequently, the router will crash in two minutes after the watchdog timer has expired and will then reload. In certain cases, the device will not reload and a restart would be required in order to regain normal functionality. This vulnerability is restricted to devices that do not have the enable password set or if the password is known or can be easily predicted. The vulnerable service is only on by default in the Cisco 1003, 1004 and 1005 routers. Users can identify vulnerable or invulnerable devices running IOS by logging onto the device and issuing the ?show version? command. If IOS is running on a vulnerable device the command will return ?Internetwork Operating System Software? or ?IOS (tm)? with a version number. Vulnerable IOS software may be found on the following Cisco devices: Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900, 1000, 1400, 1500, 1600, 1700, 2500, 2600, 3000, 3600, 3800, 4000, 4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7200, ubr7200, 7500, and 12000 series. Recent versions of LS1010 ATM switch. Catalyst 6000 with IOS. Catalyst 2900XL LAN switch with IOS. *Cisco DistributedDirector

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200012-0035",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1xc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1xi"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1xj"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1xg"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1xh"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1xe"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1xp"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1xd"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1xl"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1xf"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xe"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1da"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1dc"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0w5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1ec"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1t"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xa"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1aa"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1xb"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xj"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xh"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.1db"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.0xa"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xp",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xl",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xj",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xi",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xh",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xg",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xf",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xe",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xd",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xb",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1xa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1ec",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1dc",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1db",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1da",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1aa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xj",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xh",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xe",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0xa",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0w5",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.0t",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#683677"
      },
      {
        "db": "BID",
        "id": "1838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2000-0984"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovered by Alberto Solino \u003ccore@core-sdi.com\u003e and publicized in a Cisco Security Advisory on October 25, 2000.",
    "sources": [
      {
        "db": "BID",
        "id": "1838"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2000-0984",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2000-0984",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-2554",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2000-0984",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#683677",
            "trust": 0.8,
            "value": "0.90"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200012-175",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-2554",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#683677"
      },
      {
        "db": "VULHUB",
        "id": "VHN-2554"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2000-0984"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a \"?/\" string. A vulnerability exists in multiple versions of Cisco\u0027s Internetworking Operating System (IOS) software that allows an attacker to force affected switches and routers to crash and reboot. The device will enter an infinite loop when supplied with a URL containing a \"?/\" and an enable password. Subsequently, the router will crash in two minutes after the watchdog timer has expired and will then reload. In certain cases, the device will not reload and a restart would be required in order to regain normal functionality. \nThis vulnerability is restricted to devices that do not have the enable password set or if the password is known or can be easily predicted. The vulnerable service is only on by default in the Cisco 1003, 1004 and 1005 routers. \nUsers can identify vulnerable or invulnerable devices running IOS by logging onto the device and issuing the ?show version? command.  If IOS is running on a vulnerable device the command will return ?Internetwork Operating System Software? or ?IOS (tm)? with a version number. \nVulnerable IOS software may be found on the following Cisco devices:\n*Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900, 1000, 1400, 1500, 1600, 1700, 2500, 2600, 3000, 3600, 3800, 4000, 4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7200, ubr7200, 7500, and 12000 series. \n*Recent versions of LS1010 ATM switch. \n*Catalyst 6000 with IOS. \n*Catalyst 2900XL LAN switch with IOS. \n*Cisco DistributedDirector",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2000-0984"
      },
      {
        "db": "CERT/CC",
        "id": "VU#683677"
      },
      {
        "db": "BID",
        "id": "1838"
      },
      {
        "db": "VULHUB",
        "id": "VHN-2554"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-2554",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-2554"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "1838",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2000-0984",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "5412",
        "trust": 1.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#683677",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-175",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20001025 CISCO IOS HTTP SERVER QUERY VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "20323",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-74204",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-2554",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#683677"
      },
      {
        "db": "VULHUB",
        "id": "VHN-2554"
      },
      {
        "db": "BID",
        "id": "1838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2000-0984"
      }
    ]
  },
  "id": "VAR-200012-0035",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-2554"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T13:51:35.266000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2000-0984"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/1838"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5412"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://www.core-sdi.com/advisories/cisco_ios_web_adm.htm"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/static/5412.php "
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/security-improvement/practices/p069.html"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/5412"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/sec_incident_response.shtml"
      },
      {
        "trust": 0.1,
        "url": ""
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#683677"
      },
      {
        "db": "VULHUB",
        "id": "VHN-2554"
      },
      {
        "db": "BID",
        "id": "1838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2000-0984"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#683677"
      },
      {
        "db": "VULHUB",
        "id": "VHN-2554"
      },
      {
        "db": "BID",
        "id": "1838"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-175"
      },
      {
        "db": "NVD",
        "id": "CVE-2000-0984"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2000-11-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#683677"
      },
      {
        "date": "2000-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-2554"
      },
      {
        "date": "2000-10-25T00:00:00",
        "db": "BID",
        "id": "1838"
      },
      {
        "date": "2000-12-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200012-175"
      },
      {
        "date": "2000-12-19T05:00:00",
        "db": "NVD",
        "id": "CVE-2000-0984"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-03-30T00:00:00",
        "db": "CERT/CC",
        "id": "VU#683677"
      },
      {
        "date": "2018-05-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-2554"
      },
      {
        "date": "2000-10-25T00:00:00",
        "db": "BID",
        "id": "1838"
      },
      {
        "date": "2005-10-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200012-175"
      },
      {
        "date": "2018-05-03T01:29:09.350000",
        "db": "NVD",
        "id": "CVE-2000-0984"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-175"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IOS software vulnerable to DoS via HTTP request containing \"?/\"",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#683677"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200012-175"
      }
    ],
    "trust": 0.6
  }
}

gsd-2000-0984

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

Aliases

CVE-2000-0984

Aliases

CVE-2000-0984

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2000-0984",
    "description": "The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a \"?/\" string.",
    "id": "GSD-2000-0984"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2000-0984"
      ],
      "details": "The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a \"?/\" string.",
      "id": "GSD-2000-0984",
      "modified": "2023-12-13T01:19:02.716789Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2000-0984",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a \"?/\" string."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20001025 Cisco IOS HTTP Server Query Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml"
          },
          {
            "name": "1838",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/1838"
          },
          {
            "name": "cisco-ios-query-dos(5412)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5412"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0w5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1db:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1dc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xf:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xg:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xh:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xj:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xa:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xb:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xj:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xl:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1aa:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1da:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xd:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xe:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xa:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.0xe:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1ec:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xh:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1xi:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0984"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a \"?/\" string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20001025 Cisco IOS HTTP Server Query Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml"
            },
            {
              "name": "1838",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/1838"
            },
            {
              "name": "cisco-ios-query-dos(5412)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5412"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-05-03T01:29Z",
      "publishedDate": "2000-12-19T05:00Z"
    }
  }
}

ghsa-fgvg-x8xj-8xq8

Vulnerability from github

Published

2022-04-30 18:14

Modified

2022-04-30 18:14

Details

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2000-0984"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2000-12-19T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a \"?/\" string.",
  "id": "GHSA-fgvg-x8xj-8xq8",
  "modified": "2022-04-30T18:14:41Z",
  "published": "2022-04-30T18:14:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2000-0984"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5412"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/1838"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2000-0984 (GCVE-0-2000-0984)

Vulnerability from cvelistv5

fkie_cve-2000-0984

Vulnerability from fkie_nvd

var-200012-0035

Vulnerability from variot

gsd-2000-0984

Vulnerability from gsd

ghsa-fgvg-x8xj-8xq8

Vulnerability from github

Tags

Sightings

Nomenclature