Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

pix firewall 501 wit http get vulnerability

Is it possible to load 6.5.(112)

on a pix 501? or is there a workaround on how to fix this:

Description:

George D. Gal has reported a vulnerability in Cisco PIX/ASA/FWSM, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error within the handling of fragmented HTTP requests. This can be exploited to bypass Websense URL filtering and gain access to restricted websites via HTTP GET requests that are fragmented into multiple packets.

Successful exploitation requires that PIX, ASA, or FWSM are configured to use Websense/N2H2 for content filtering.

The vulnerability has been reported in the following products:

* Cisco PIX software version 6.3.x and older.

* Cisco PIX/ASA software version 7.x.

* Cisco FWSM software version 2.3 and 3.1.

Solution:

Update to the fixed versions.

FWSM version 2.3:

Update to version 2.3(4).

http://www.cisco.com/pcgi-bin/tablebuild.pl/cat6000-fwsm?psrtdcat20e2

FWSM version 3.1:

Update to version 3.1(1.7).

Contact Cisco TAC or Cisco support partner for the updates.

PIX version 6.3.x:

Update to version 6.3.5(112).

Contact Cisco TAC or Cisco support partner for the updates.

130
Views
0
Helpful
0
Replies