| VID |
29155 |
| Severity |
30 |
| Port |
22 |
| Protocol |
TCP |
| Class |
CISCO |
| Detailed Description |
The CISCO IOS system does not disable http server. The HTTP server allows remote management of routers. Unfortunately, it uses simple HTTP authentication which sends passwords in the clear. This could allow unauthorized access to the device. So the http server should be disabled.
* Platforms Affected:
CISCO IOS |
| Recommendation |
Disable http server as follows :
Router# config terminal
Router(config)# no ip http server |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
