Cisco Cisco IOS Software Release 12.4(2)XB6
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
6
Release Notes for Cisco 7000 Series Routers with Cisco IOS Release 12.4(11)XJ
OL-12261-01
Caveats
This sections contains the following information:
•
•
•
•
Open Caveats - Cisco IOS Release 12.4(11)XJ6
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ6
•
CSCsh12480
Cisco IOS software configured for Cisco IOS firewall Application Inspection Control (AIC) with a
HTTP configured application-specific policy are vulnerable to a Denial of Service when processing
a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in
a reload of the affected device.
HTTP configured application-specific policy are vulnerable to a Denial of Service when processing
a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in
a reload of the affected device.
Cisco has released free software updates that address this vulnerability.
A mitigation for this vulnerability is available. See the “Workarounds” section of the advisory for
details.
details.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml
.
•
CSCsg91306
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS
that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.
that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.
Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS
software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities
addressed in this advisory.
software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities
addressed in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from
disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to
provide voice over IP services.
disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to
provide voice over IP services.
This advisory is posted at
Open Caveats - Cisco IOS Release 12.4(11)XJ2
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ2
•
CSCec12299