Cisco IOS Software Release 12.2

Caveats for Cisco IOS Release 12.2
OL-3513-16 Rev. G0
  Resolved Caveats—Cisco IOS Release 12.2(28d)
Conditions: This symptom has been observed on a Cisco gatekeeper running Cisco IOS 
Release 12.2(8)T1 or later. DGK leaks memory when sequential LRQ is configured and there is only 
one remote zone to forward LRQs to.
Workaround: There is no workaround. 
Wide-Area Networking
CSCec27865
Symptoms: Packet forwarding may not function properly on a terminated Frame Relay permanent 
virtual circuit (PVC) that is configured on an ISDN link.
Conditions: This symptom is observed on a Cisco 7200 series. The symptom does not occur on other 
platforms.
Workaround: There is no workaround. 
Resolved Caveats—Cisco IOS Release 12.2(28d)
Cisco IOS Release 12.2(28d) is a rebuild release for Cisco IOS Release 12.2(28). The caveats in this 
section are resolved in Cisco IOS Release 12.2(28d) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
Symptoms: A description of what is observed when the caveat occurs. 
Conditions: The conditions under which the caveat has been known to occur. 
Workaround: Solutions, if available, to counteract the caveat. 
Basic System Services
CSCeg62070
Symptoms: Tracebacks or crashes are seen during HTTP transactions with long URLs.
Conditions: The crash is seen when the length of any token in the URL of the request is excessively 
long.
Workaround: Disable the HTTP server by using the no ip http server command. 
CSCsc64976
A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically 
generated output, such as the output from a show buffers command, will be passed to the browser 
requesting the page. This HTML code could be interpreted by the client browser and potentially 
execute malicious commands against the device or enable other cross-site scripting attacks. 
Successful exploitation of this vulnerability requires that a user browse a page containing dynamic 
content in which HTML commands have been injected.
Cisco will be making free software available to address this vulnerability for affected customers. 
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
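
The class of fix for the behaviour described in CSCsc64976 is to HTML-encode dynamically generated output before it is placed in a page. The following is an added example, not Cisco code or part of the original release notes; the page template, function names and sample output are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample, not real IOS output: command-style text in which one
# field carries markup supplied by someone other than the page author.
SAMPLE_OUTPUT = (
    "Buffer elements:\n"
    "     500 in free list (500 max allowed)\n"
    "Header data: <b>INJECTED</b>\n"
)

# Hypothetical page template; these are the only tags the server intends to emit.
TEMPLATE = "<html><body><h1>{title}</h1><pre>{body}</pre></body></html>"
TEMPLATE_TAGS = {"html", "body", "h1", "pre"}


def render_unsafe(title, command_output):
    """Vulnerable pattern: dynamic output is pasted into the page verbatim."""
    return TEMPLATE.format(title=title, body=command_output)


def render_escaped(title, command_output):
    """Hardened pattern: HTML-encode every dynamic value at output time."""
    return TEMPLATE.format(title=html.escape(title),
                           body=html.escape(command_output))


class _TagCollector(HTMLParser):
    """Records every element an HTML parser would open in the page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(page):
    """Return tags present in the rendered page but absent from the template."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return sorted(set(collector.tags) - TEMPLATE_TAGS)


if __name__ == "__main__":
    print(unexpected_tags(render_unsafe("show buffers", SAMPLE_OUTPUT)))
    print(unexpected_tags(render_escaped("show buffers", SAMPLE_OUTPUT)))
```

The same `unexpected_tags` check can serve as a regression test for any page that embeds device or log output: a rendered page should never contain elements beyond those in its template.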