CVE-2012-0368

Description

The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device crash) via a malformed URL in an HTTP request, aka Bug ID CSCts81997.

Affected products

• Cisco / 2000_wireless_lan_controller
• Cisco / 2100_wireless_lan_controller
• Cisco / 2106_wireless_lan_controller
• Cisco / 2112_wireless_lan_controller
• Cisco / 2125_wireless_lan_controller
• Cisco / 2500_wireless_lan_controller
• Cisco / 2504_wireless_lan_controller
• Cisco / 4100_wireless_lan_controller
• Cisco / 4400_wireless_lan_controller
• Cisco / 4402_wireless_lan_controller
• Cisco / 4404_wireless_lan_controller
• Cisco / 5508_wireless_controller
• Cisco / wireless_lan_controller_software4.1.181.0 – 4.1.181.0
• Cisco / wireless_lan_controller_software4.1.185.0 – 4.1.185.0
• Cisco / wireless_lan_controller_software4.1m – 4.1m
• Cisco / wireless_lan_controller_software4.2 – 4.2
• Cisco / wireless_lan_controller_software4.2.61.0 – 4.2.61.0
• Cisco / wireless_lan_controller_software4.2.99.0 – 4.2.99.0
• Cisco / wireless_lan_controller_software4.2.112.0 – 4.2.112.0
• Cisco / wireless_lan_controller_software4.2.117.0 – 4.2.117.0
• Cisco / wireless_lan_controller_software4.2.130.0 – 4.2.130.0
• Cisco / wireless_lan_controller_software4.2.173.0 – 4.2.173.0
• Cisco / wireless_lan_controller_software4.2.174.0 – 4.2.174.0
• Cisco / wireless_lan_controller_software4.2.176.0 – 4.2.176.0
• Cisco / wireless_lan_controller_software4.2.182.0 – 4.2.182.0
• Cisco / wireless_lan_controller_software4.2m – 4.2m
• Cisco / wireless_lan_controller_software5.0 – 5.0
• Cisco / wireless_lan_controller_software5.0.148.0 – 5.0.148.0
• Cisco / wireless_lan_controller_software5.0.148.2 – 5.0.148.2
• Cisco / wireless_lan_controller_software5.1 – 5.1
• Cisco / wireless_lan_controller_software5.1.151.0 – 5.1.151.0
• Cisco / wireless_lan_controller_software5.1.152.0 – 5.1.152.0
• Cisco / wireless_lan_controller_software5.1.160.0 – 5.1.160.0
• Cisco / wireless_lan_controller_software5.2 – 5.2
• Cisco / wireless_lan_controller_software5.2.157.0 – 5.2.157.0
• Cisco / wireless_lan_controller_software5.2.169.0 – 5.2.169.0
• Cisco / wireless_lan_controller_software4.0 – 4.0
• Cisco / wireless_lan_controller_software6.0.182.0 – 6.0.182.0
• Cisco / wireless_lan_controller_software6.0.188.0 – 6.0.188.0
• Cisco / wireless_lan_controller_software6.0.196.0 – 6.0.196.0
• Cisco / wireless_lan_controller_software6.0.199.0 – 6.0.199.0
• Cisco / wireless_lan_controller_software6.0.199.4 – 6.0.199.4
• Cisco / wireless_lan_controller_software7.0 – 7.0
• Cisco / wireless_lan_controller_software7.0.98.0 – 7.0.98.0
• Cisco / wireless_lan_controller_software7.1 – 7.1
• Cisco / wireless_lan_controller_software7.2 – 7.2
• Cisco / wireless_lan_controller_software6.0 – 6.0
• Cisco / wireless_lan_controller_software4.0.108 – 4.0.108
• Cisco / wireless_lan_controller_software4.0.155.0 – 4.0.155.0
• Cisco / wireless_lan_controller_software4.0.155.5 – 4.0.155.5
• Cisco / wireless_lan_controller_software4.0.179.8 – 4.0.179.8
• Cisco / wireless_lan_controller_software4.0.179.11 – 4.0.179.11
• Cisco / wireless_lan_controller_software4.0.196 – 4.0.196
• Cisco / wireless_lan_controller_software4.0.206.0 – 4.0.206.0
• Cisco / wireless_lan_controller_software4.0.217.0 – 4.0.217.0
• Cisco / wireless_lan_controller_software4.0.219.0 – 4.0.219.0
• Cisco / wireless_lan_controller_software4.1 – 4.1
• Cisco / wireless_lan_controller_software4.1.171.0 – 4.1.171.0

References

• VENDOR_ADVISORYhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc
• MISChttp://archives.neohapsis.com/archives/bugtraq/2012-02/0188.html