CVE-2000-0984

EXPLOITED

Cisco IOS 12.0-12.1 - Denial of Service via HTTP Server Query String

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2000-0984 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Alberto Solino.

AI-analyzed exploit summary This is a writeup describing a DoS vulnerability in Cisco IOS devices where a URL containing '?/' can cause an infinite loop and crash. It requires knowledge of the enable password and affects specific Cisco router models.

Description

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Alberto Solino · textdoshardware
https://www.exploit-db.com/exploits/20323

This is a writeup describing a DoS vulnerability in Cisco IOS devices where a URL containing '?/' can cause an infinite loop and crash. It requires knowledge of the enable password and affects specific Cisco router models.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Cisco IOS (various versions on multiple device models)
Auth required
Prerequisites: Knowledge of the enable password · Vulnerable Cisco IOS device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1838
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5412

Scores

EPSS 0.4036
EPSS Percentile 97.5%

Details

VulnCheck KEV 2025-05-22
Status published
Products (24)
cisco/ios 12.0t
cisco/ios 12.0w5
cisco/ios 12.0xa
cisco/ios 12.0xe
cisco/ios 12.0xh
cisco/ios 12.0xj
cisco/ios 12.1aa
cisco/ios 12.1da
cisco/ios 12.1db
cisco/ios 12.1dc
... and 14 more
Published Dec 19, 2000
Tracked Since Feb 18, 2026