CVE-2000-0380

Cisco Ios - Improper Input Validation

Title source: rule

Description

The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Keith Woodworth · perlremotehardware

https://www.exploit-db.com/exploits/19882

View Code ZIP pw:eip

metasploit WORKING POC

by aushack · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/cisco/ios_http_percentpercent.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html

[Vendor Advisory] http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml

[Third Party Advisory, VDB Entry] http://www.osvdb.org/1302

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/1154

Scores

EPSS 0.8512

EPSS Percentile 99.4%

Details

CWE

CWE-20

Status published

Products (39)

cisco/ios 11.1

cisco/ios 11.2

cisco/ios 11.2\(4\)f1

cisco/ios 11.2\(8\)

cisco/ios 11.2\(8\)p

cisco/ios 11.2\(9\)p

cisco/ios 11.2\(9\)xa

cisco/ios 11.2\(10\)

cisco/ios 11.2\(10\)bc

cisco/ios 11.2\(17\)

... and 29 more

Published Apr 26, 2000

Tracked Since Feb 18, 2026