COMMAND

    Cisco

SYSTEMS AFFECTED

    Cisco with enabled ip httpd server

PROBLEM

    Keith Woodworth found following.  If you have:

        ip http server

    in your running config (not a great idea to have on a live router)
    on your router and you do:

        http://<router-ip>/%%

    it crashes said router.  It was confirmed on 1005 running 11.1(24)
    and another fellow said it worked on his 2621 and 2524 (though  he
    didnt give  IOS versions).   For detail  list of  affected ciscos,
    see solution section.

SOLUTION

    A workaround is to turn off management via HTTP by configuring:

        no ip http server

    and saving  the configuration  so that  it is  not enabled  at the
    next reload.

    The following list of products are affected if they are running  a
    release of Cisco  IOS software that  has the defect.  To determine
    if a Cisco product is running IOS, log in to the device and  issue
    the  command  show  version.   Classic  Cisco  IOS  software  will
    identify itself simply as "Internetwork Operating System Software"
    or "IOS (tm)" software and  will display a version number.   Other
    Cisco devices either  will not have  the show version  command, or
    will give different output.   Compare the version number  obtained
    from  the  router  with  the  versions  presented  in the Software
    Versions  and  Fixes  section  below.   Cisco  devices that may be
    running affected releases include:

    * Cisco routers  in the AGS/MGS/CGS/AGS+,  IGS, RSM, 800,  ubr900,
      1000, 2500, 2600,  3000, 3600, 3800,  4000, 4500, 4700,  AS5200,
      AS5300,  AS5800,  6400,  7000,  7200,  ubr7200,  7500, and 12000
      series.
    * Most recent versions of the LS1010 ATM switch.
    * The Catalyst 6000 if it is running IOS.
    * Some versions of the Catalyst 2900XL LAN switch.
    * The Cisco DistributedDirector.

    The following  table summarizes  the major  releases of  Cisco IOS
    software  affected  by  the  defect  described  in this notice and
    scheduled dates on which the earliest corresponding fixed releases
    will be available.  All dates are tentative and subject to change.
    Each row of the table shows the earliest release that contains the
    fix  for  the  vulnerability  in  the  "Rebuild",  "Interim",   or
    "Maintenance"  columns,   presented  in   release  number   order.
    A   Maintenance   Release   is   the   most   heavily-tested   and
    highly-recommended release in a given  row.  A Rebuild Release  is
    constructed  from  the  previous  maintenance  or mainline release
    with the addition of a code fix for the specific defect.  Although
    it receives less testing than  a maintenance release, it is  built
    from  the  previous  maintenance  release  and  includes  only the
    minimum  changes  necessary  to  address  the specific defect.  An
    Interim Release has much  less testing than a  maintenance release
    and should be selected only if there is no other suitable  release
    that fixes the defect.

     ---------+------------------+-------------------------------------------
       Major  |   Description or |
      Release |      Platform    |      Availability of Repaired Releases*
     ---------+------------------+-------------+--------------+--------------
     Unaffected Earlier Releases |    Rebuild  |   Interim**  |  Maintenance
     ---------+------------------+-------------+--------------+--------------
    11.0 &	   |    	      | 	    |		   |
    earlier,  |                  | Not         | Not	   |
    all       | Numerous         | vulnerable  | vulnerable   | Not vulnerable
    variants  |    	      | 	    |		   |
     ---------+------------------+-------------+--------------+--------------
         11.1-based Releases     |    Rebuild  |   Interim**  |  Maintenance
     ---------+------------------+-------------+--------------+--------------
              | General	      | 	    |		   |
    11.1      | Deployment (GD): | Unavailable | Unavailable  | Unavailable
              | all platforms    | 	    |		   |
     ---------+------------------+-------------+--------------+--------------
              |                  |             | 11.1(33.2)CA | 11.1(34)CA
    11.1CA    | Core/ISP support:| 	    |		   |
              | rsp, c7200	      | 	    |		   |
              |                  |             | 2000-05-08   | 2000-05-30
     ---------+------------------+-------------+--------------+--------------
              |                  | 11.1(33)CC1 | 11.1(33.1)CC | 11.1(34)CC
    11.1CC    | FIB support: rsp,| 	    |		   |
              | c7200	      | 	    |		   |
              |                  | 2000-05-10  | 2000-05-22   | 2000-06-12
     ---------+------------------+-------------+--------------+--------------
         11.2-based Releases     |    Rebuild  |   Interim**  |  Maintenance
     ---------+------------------+-------------+--------------+--------------
              | General          | 11.2(22a)   | 11.2(22.2)   | 11.2(23)
    11.2      | Deployment (GD): | 	    |		   |
              | all platforms    | 2000-05-29  | 2000-05-08   | 2000-07-10
     ---------+------------------+-------------+--------------+--------------
              | IBM networking,  | 11.2(22a)BC | 11.2(22.1)BC |
    11.2BC    | CIP & TN3270     | 	    |		   |
              | support: rsp     | 2000-05-31  | 2000-05-05   |
     ---------+------------------+-------------+--------------+--------------
              |                  | 11.2(22a)P  | 11.2(22.2)P  | 11.2(23)P
    11.2P     | All platforms    | 	    |		   |
              |                  | 2000-05-29  | 2000-05-08   | 2000-07-17
     ---------+------------------+-------------+--------------+--------------
         11.3-based Releases     |    Rebuild  |   Interim**  |  Maintenance
     ---------+------------------+-------------+--------------+--------------
              | xDSL access      | 11.3(1)DA9  |		   |
    11.3DA    | multiplexer:     | 	    |		   |
              | c6200            | 2000-05-31  |		   |
     ---------+------------------+-------------+--------------+--------------
         12.0-based Releases     |    Rebuild  |   Interim**  |  Maintenance
     ---------+------------------+-------------+--------------+--------------
              | General          | 12.0(11a)   | 12.0(11.1)   | 12.0(12)
    12.0      | Deployment (GD): | 	    |		   |
              | all platforms    | 2000-05-31  | 2000-05-22   | 2000-07-17
     ---------+------------------+-------------+--------------+--------------
              |                  | 12.0(8)DA5  |		   |
    12.0DA    | xDSL support:    | 	    |		   |
              | 6100, 6200	      | 	    |		   |
              |                  | 2000-05-31  |		   |
     ---------+------------------+-------------+--------------+--------------
              |                  | 12.0(10)S1  | 12.0(10.6)S  | 12.0(11)S
    12.0S     | Core/ISP support:| 	    |		   |
              | gsr, rsp, c7200  | 	    |		   |
              |                  | 2000-05-03  | 2000-05-15   | 2000-05-29
     ---------+------------------+-------------+--------------+--------------
              |                  |             | 12.0(10.6)SC | 12.0(11)SC
    12.0SC    | Cable/broadband  | 	    |		   |
              | ISP: ubr7200     | 	    |		   |
              |                  |             | 2000-05-15   | 2000-05-30
     ---------+------------------+-------------+--------------+--------------
              |                  | 12.0(9)SL1  |              | 12.0(10)SL
    12.0SL    | 10000 ESR: c10k  | 	    |		   |
              |                  | 2000-05-15  |              | 2000-05-31
     ---------+------------------+-------------+--------------+--------------
              |                  | 12.0(9)ST1  |              | 12.0(10)ST
    12.0ST    | MPLS/VPN support:| 	    |		   |
              | gsr, rsp, c7200  | 	    |		   |
              |                  | 2000-05-31  |              | 2000-06-12
     ---------+------------------+-------------+--------------+--------------
              | cat8510c,        |             |              | 12.0(5)W5(13d)
              | cat8540c, c6msm  | 	    |		   |
              |                  |             |              | 2000-05-19
              +------------------+-------------+--------------+--------------
              | ls1010, cat8510m,|             |              | 12.0(7)W5(15c)
              | cat8540m	      | 	    |		   |
              |                  |             |              | 2000-05-08
              +------------------+-------------+--------------+--------------
    12.0W5    |                  |             |              | 12.0(7)W5(15d)
              | cat2948g, cat4232| 	    |		   |
              |                  |             |              | 2000-05-12
              +------------------+-------------+--------------+--------------
              | c5atm, c5atm,    |             |              | 12.0(9)W5(17a)
              | c3620, c3640,    | 	    |		   |
              | c4500, c5rsfc,   | 	    |		   |
              | c5rsm, c7200, rsp|             |              | 2000-05-22
     ---------+------------------+-------------+--------------+--------------
         12.1-based Releases     |    Rebuild  |   Interim**  |  Maintenance
     ---------+------------------+-------------+--------------+--------------
              | General          | 12.1(1b)    | 12.1(2.1)    | 12.1(3)
    12.1      | Deployment (GD)  | 	    |		   |
              | candidate: all   | 	    |		   |
              | platforms        | 2000-05-01  | 2000-05-15   | 2000-07-10
     ---------+------------------+-------------+--------------+--------------
              | Access & Dial    | 	    |		   |
              | Early Deployment | 12.1(1)AA2  |              | 12.1(2)AA
    12.1AA    | (ED): c5200,     | 	    |		   |
              | c5300, c5800,    | 2000-05-31  |              | 2000-05-22
              | dsc-c5800	      | 	    |		   |
     ---------+------------------+-------------+--------------+--------------
              |                  |             |              | 12.1(1)DA
    12.1DA    | xDSL support:    | 	    |		   |
              | 6160, 6260	      | 	    |		   |
              |                  |             |              | 2000-05-11
     ---------+------------------+-------------+--------------+--------------
              |                  |             |              | 12.1(1)DB
    12.1DB    | xDSL support:    | 	    |		   |
              | c6400	      | 	    |		   |
              |                  |             |              | 2000-05-30
     ---------+------------------+-------------+--------------+--------------
              |                  |             |              | 12.1(1)DC
    12.1DC    | xDSL NRP support:| 	    |		   |
              | c6400r	      | 	    |		   |
              |                  |             |              | 2000-05-15
     ---------+------------------+-------------+--------------+--------------
              | ELB Early	      | 	    |		   |
              | Deployment (ED): | 12.1(1)E2   |              | 12.1(2)E
    12.1E     | cat6k, 8500,     | 	    |		   |
              | ls1010, 7500,    | 2000-05-04  |              | 2000-05-30
              | 7200, 7100	      | 	    |		   |
     ---------+------------------+-------------+--------------+--------------
              | Cable/broadband  |             |              | 12.1(2)EC
    12.1EC    | Early Deployment | 	    |		   |
              | (ED): ubr7200    |             |              | 2000-05-30
     ---------+------------------+-------------+--------------+--------------
              | New technology   |             | 12.1(2.0.1)T2| 12.1(2)T
    12.1T     | Early Deployment | 	    |		   |
              | (ED): all	      | 	    |		   |
              | platforms        |             | 2000-05-01   | 2000-05-22
     ---------+------------------+-------------+--------------+--------------
              |                  | 12.1(1)XA3  |              | 12.1(2)T***
    12.1XA*** | Obsolete	      | 	    |		   |
              |                  | 2000-05-31  |              | 2000-05-22
     ---------+------------------+-------------+--------------+--------------
              | Early Deployment |             |              | 12.1(1)XD
    12.1XD    | (ED): limited    | 	    |		   |
              | platforms        |             |              | 2000-05-15
     ---------+------------------+-------------+--------------+--------------
              | Early Deployment |             |              | 12.1(1)XE
    12.1XE    | (ED): limited    | 	    |		   |
              | platforms        |             |              | 2000-05-08
     ---------+------------------+-------------+--------------+--------------
                                       Notes
     ------------------------------------------------------------------------
       * All dates are estimated and subject to change.
      ** Interim  releases are  subjected to  less rigorous  testing than
         regular maintenance releases, and may have serious bugs.
     *** 12.1XA is obsolete. Customers should upgrade to 12.1(2)T when it
         becomes available. This is not a misprint.