漏洞信息详情
Cisco Cache Engine默认配置任意用户可使用代理漏洞
- CNNVD编号:CNNVD-200208-017
- 危害等级: 高危
- CVE编号: CVE-2002-0778
- 漏洞类型: 未知
- 发布时间: 2002-05-15
- 威胁类型: 远程
- 更新时间: 2005-05-02
- 厂 商: cisco
- 漏洞来源: Cisco Systems Prod...
漏洞简介
Cisco Cache Engine系列产品是CISCO公司开发和维护的网络集成的高速缓存解决方案,可以减少广域网带宽使用,最大限度地提高网络服务质量,提高现有网络的可伸缩性。 Cisco Cache Engine默认配置存在漏洞,可导致远程攻击者滥用代理,连接任意远程IP地址。 Cisco Cache Engine除了对远程WEB服务器提供页面缓冲外,软件也提供使用各种协议如FTP和HTTPS来缓冲数据到其他代理服务器,此功能在产品默认配置中是使能的,由于代理HTTPS服务可以在系统不同端口使用,使的攻击者利用客户端指示设备重定向代理请求打开TCP连接到任意可达IP地址和端口,导致滥用资源和隐藏连接源地址等操作。
漏洞公告
临时解决方法: 如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* 使用如下配置方法来使设备只重定向端口为443的代理请求:
https destination-port allow 443
https destination-port deny all
* 如果HTTPS代理不需要,请使用如下命令关闭HTTPS服务:
https
destination-port allow 443 厂商补丁: Cisco ----- Cisco已经为此发布了一个安全公告(Cisco-transparentcache-tcp-relay-vuln)以及相应补丁:
Cisco-transparentcache-tcp-relay-vuln:Transparent Cache Engine and Content Engine TCP Relay Vulnerability
链接: http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.sHTML
补丁下载:
Cisco Cache Engine 505 :
Cisco Cache Engine 570 :
Cisco Content Engine 507 :
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 560 :
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 590 :
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 7320 :
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Router 4430 :
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Distribution Manager 4630 :
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Distribution Manager 4650 :
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Cache Engine 550 :
Cisco Cache Engine 550 2.2 .0:
Cisco Cache Engine 505 2.2 .0:
Cisco Cache Engine 570 2.2 .0:
Cisco Content Engine 507 2.2 .0:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 560 2.2 .0:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 590 2.2 .0:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 7320 2.2 .0:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Cache Engine 570 3.0:
Cisco Cache Engine 505 3.0:
Cisco Cache Engine 550 3.0:
Cisco Content Engine 507 3.1:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 560 3.1:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 590 3.1:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 7320 3.1:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 507 4.0:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 560 4.0:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 590 4.0:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 7320 4.0:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Cache Engine 550 4.0:
Cisco Cache Engine 505 4.0:
Cisco Cache Engine 570 4.0:
Cisco Content Router 4430 4.0:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Distribution Manager 4630 4.0:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Distribution Manager 4650 4.0:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Distribution Manager 4650 4.1:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Distribution Manager 4630 4.1:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Router 4430 4.1:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 507 4.1:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 560 4.1:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 590 4.1:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
Cisco Content Engine 7320 4.1:
Cisco Upgrade ACNS 4.1(3.3)
http://www.cisco.com/tac
参考网址
来源: BID 名称: 4751 链接:http://www.securityfocus.com/bid/4751 来源: XF 名称: cisco-cache-content-tcp-forward(9082) 链接:http://www.iss.net/security_center/static/9082.php 来源: CISCO 名称: 20020528 Transparent Cache Engine and Content Engine TCP Relay Vulnerability 链接:http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.sHTML
受影响实体
- Cisco Content_router_4430:4.1
- Cisco Content_router_4430:4.0
- Cisco Content_router_4430
- Cisco Cache_engine_570:570
- Cisco Cache_engine_570:3.0
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论