Hello Matthew,
The following field alert confirms that you are not vulnerable to this alert, if http server functionality is disabled ie via the [no ip http server] cmd:
http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
As the 4006 does not run IOS, this device would not be vulnerable.
Additionally, details regards a sw fix for the Cisco IOS HTTP Server Query Vulnerability within the 12.0 XU release, was not detailed in release-notes nor the associated Field Alert:
I have contacted the Development Engineers responsible for this fix and have confirmation of 3500-XL (and 2900-XL) fix details... are as follows:
- For the 3500-XL - the related bug-id is CSCdu26971, and is fixed in 12.0(5.3)WC
- For the 2900-XL - the bug CSCdr91706 was filed against that platform first whilst running 12.0(5)XU / was not scheduled to be fixed until 12.0(5.3)WC
hope this helps
rgds
steve