On Mon, Nov 12, 2001 at 11:48:46AM -0800, Josha Bronson wrote: > Can anyone clarify whether or not a server may be vulnerable only to a > subset of the numbers in the range? Meaning that "/level/17/exec/" may > work to access the system but "/level/99/exec/" may not. Or is it the > nature of this vulnerability that if a system is accessible via one URL > than it would be accessible via all? > On the systems I've tested they all work. Exactly the same we got, the tested network was quite homogenic as it comes to IOS revisions however. All the switches had HTTP enabled, and all were vulnerable. -- Paweł Krawczyk *** home: <http://ceti.pl/~kravietz/> security: <http://ipsec.pl/> *** fidonet: 2:486/23 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Nov 13 2001 - 13:00:21 PST