Cisco Cache and Content Engines could allow an attacker to spoof the origin IP of forwarded TCP traffic

cisco-cache-content-tcp-forward (9082) The risk level is classified as Low Risk

Description:

Multiple Cisco Cache Engine, Content Engine, Content Router, and Content Distribution Manager devices running cache software could allow a remote attacker to open spoofed TCP connections. This is caused by a vulnerability in the transparent caching function that allows the cache software to cache data of proxy servers using HTTPS. An attacker can use this vulnerability to launch various attacks or to perform unauthorized activity using a spoofed IP address.


Consequences:

Other

Remedy:

Refer to Cisco Security Advisory: Transparent Cache Engine and Content Engine TCP Relay Vulnerability dated 2002 May 15 18:00 GMT for upgrade and workaround information. See References.

References:

  • Cisco Systems Inc. Security Advisory, 2002 May 15 18:00 GMT: Transparent Cache Engine and Content Engine TCP Relay Vulnerability.
  • BID-4751: Cisco Cache Engine Default Configuration Arbitrary User Proxy Vulnerability
  • CVE-2002-0778: The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.
  • OSVDB ID: 5111: Cisco Cache/Content Engine HTTPS Anonymous Relay

Platforms Affected:

  • Cisco Cache Engine 505 2.2.0
  • Cisco Cache Engine 505 3.0.0
  • Cisco Cache Engine 505 4.0.0
  • Cisco Cache Engine 505
  • Cisco Cache Engine 550
  • Cisco Cache Engine 570
  • Cisco Content Distribution Manager 4630 4.0
  • Cisco Content Distribution Manager 4630 4.1
  • Cisco Content Distribution Manager 4630
  • Cisco Content Distribution Manager 4650 4.0
  • Cisco Content Distribution Manager 4650 4.1
  • Cisco Content Distribution Manager 4650
  • Cisco Content Engine 507
  • Cisco Content Engine 560
  • Cisco Content Engine 590
  • Cisco Content Engine 7320
  • Cisco Content Router 4430 4.0
  • Cisco Content Router 4430 4.1
  • Cisco Content Router 4430

Reported:

May 15, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
