CVE-2000-0380

Cisco Ios - Improper Input Validation

Title source: rule

Description

The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

Exploits (2)

metasploit WORKING POC
by aushack · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/cisco/ios_http_percentpercent.rb
exploitdb WORKING POC VERIFIED
by Keith Woodworth · perlremotehardware
https://www.exploit-db.com/exploits/19882

References (4)

Scores

EPSS 0.8512
EPSS Percentile 99.3%

Classification

CWE
CWE-20
Status draft

Affected Products (39)

cisco/ios
cisco/ios
cisco/ios
cisco/ios
cisco/ios
cisco/ios
cisco/ios
cisco/ios
cisco/ios
cisco/ios
cisco/ios
cisco/ios
cisco/ios
cisco/ios
cisco/ios
... and 24 more

Timeline

Published Apr 26, 2000
Tracked Since Feb 18, 2026