7.8 - cisco-sa-20160831-spa

A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to incorrect handling of malformed HTTP traffic. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. An exploit could allow the attacker to deny service continually by sending crafted HTTP requests to a phone, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spa BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXxj/MAAoJEK89gD3EAJB5fiQP/iXbjAHIcxAZFq/nuKfScFTR Tukk4gfyLP6SA8LJwHPEKGPeUrc/u5yC/UtqEUGEVGivI3THG+o/cQllS9Gry8Px S4/2YwuLrihii68jEB4FqKrLrv+t8TpsQKTz9D//RiHeQ5GLQ1NIDliRA2y3jh3k yG4txfpOrOjm5flIsL7nEdYt7eGqtJaJt5bfrBv2GFkpD3rGhKcKKYhV9sfisZe7 CVTcePwVvLSGd5ClkRbVJ0xDhMT9fCb9tsi1FUaMZwjL0t5UkWfdUpi3KjHxql7r GZTBCOmcJ2ALMfK+mFTTT0TvlfogZs0vRo6PPKmYh57LDQ/sOZlrwBN4hw+2gOK +wW9uQZMPixo1k7CL7NKbo/Vetm43x0yHJqWffgv5AGHX1RwLLR4Ccf1/PoQqBsh0 fKHdoXjvvLBubC6mvKvG99s8q63whlAz9OwhrJ/J4r9J/lLajarKyp2nJEa0ox7l Ji8rI+o+EdlBpT8kufhlZjs5ute7l27QOFxsy4YMZnTAgEO3M39fMlW8jnVEBnxI pKfgQJ+g/8jwSx3tHtzZA7OjjOP+F4Dj5TC1qcADrIHrk84ok2xojWqhTJZvO6yt obvtQstJtoVtCyNZxKaMKJzWaVkiB8fEI7aMGk82ioCV+SytMMKbMxdxhDlxq0dU kXBRTHvADTwjYYTunD6x =bB6A END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com