Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability
Vulnerability Description
A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new requests to existing, persistent HTTP connections. An attacker could exploit this vulnerability by acting as a man-in-the-middle and then reading and/or modifying data that should normally have been sent through an encrypted channel.
CVSS Information
N/A
Vulnerability Type
资源管理错误
Vulnerability Title
Cisco IOS和IOS XE 资源管理错误漏洞
Vulnerability Description
Cisco IOS和IOS XE都是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS和IOS XE中的HTTP客户端功能存在资源管理错误漏洞,该漏洞源于程序在将新请求匹配已存在的HTTP连接时,没有考虑TCP端口信息。远程攻击者可利用该漏洞读取并修改本应通过加密通道传输的数据。
CVSS Information
N/A
Vulnerability Type
N/A