Published: 23/09/2010 Updated: 24/09/2010
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, when HTTP port redirection is enabled, allows remote malicious users to cause a denial of service (memory consumption) by improperly disconnecting SSL sessions, leading to connections that remain in the CLOSE-WAIT state, aka Bug ID CSCtg21685.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

cisco ios 12.4mr

cisco ios 12.4

cisco ios 12.4gc

cisco ios 12.4mda

cisco ios 12.4xm

cisco ios 12.4xn

cisco ios 12.4xp

cisco ios 12.4xt

cisco ios 12.4sw

cisco ios 12.4xb

cisco ios 12.4xg

cisco ios 12.4xk

cisco ios 12.4xw

cisco ios 12.4xz

cisco ios 15.1\\(1\\)xb1

cisco ios 12.4xc

cisco ios 12.4xd

cisco ios 12.4xe

cisco ios 12.4xf

cisco ios 12.4yb

cisco ios 12.4yd

cisco ios 15.0m

cisco ios 15.0xa

cisco ios 12.4mra

cisco ios 12.4xa

cisco ios 12.4xj

cisco ios 12.4xl

cisco ios 12.4xv

cisco ios 12.4xy

cisco ios 12.4ya

cisco ios 15.1t

Vendor Advisories

Cisco IOS® Software contains a vulnerability when the Cisco IOS SSL VPN feature is configured with an HTTP redirect Exploitation could allow a remote, unauthenticated user to cause a memory leak on the affected devices, that could result in a memory exhaustion condition that may cause device reloads, the inability to service new TCP connections, ...