SB2011100404 - Multiple vulnerabilities in Nextcloud ios

Description

This security bulletin contains information about 2 vulnerabilities.

1) Memory leak (CVE-ID: CVE-2011-3273)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vectors that trigger many session creation flows, aka Bug ID CSCti79848. A remote attacker can perform a denial of service attack.

2) Input validation error (CVE-ID: CVE-2011-3281)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID CSCto68554.

Remediation

Install update from vendor's website.

References

• http://tools.cisco.com/security/center/viewAlert.x?alertId=24123
• http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d57.shtml
• http://tools.cisco.com/security/center/viewAlert.x?alertId=24124