CVE-2011-1649

Current Description

The Internet Streamer application in Cisco Content Delivery System (CDS) with software 2.5.7, 2.5.8, and 2.5.9 before build 126 allows remote attackers to cause a denial of service (Web Engine crash) via a crafted URL, aka Bug IDs CSCtg67333 and CSCth25341.

Basic Data

PublishedMay 31, 2011
Last ModifiedSeptember 07, 2011
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-399
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.8
SeverityHIGH
Exploitability Score10.0
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareCiscoContent Delivery System Engine********
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationCiscoContent Delivery System2.5.7*******
      2.3ApplicationCiscoContent Delivery System2.5.8*******
      2.3ApplicationCiscoContent Delivery System2.5.9*******

Vulnerable Software List

VendorProductVersions
Cisco Content Delivery System Engine *
Cisco Content Delivery System 2.5.7, 2.5.8, 2.5.9

References

NameSourceURLTags
20110525 Cisco Content Delivery System Internet Streamer: Web Server Vulnerabilityhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f18b.shtmlCISCOVendor Advisory
1025564http://www.securitytracker.com/id?1025564SECTRACK