Cisco Bug: CSCta62636 - MDS Apache supports the HTTP TRACE/TRACK method exposing XST vulnerabili

Last Modified

Jan 28, 2017

Products (1)

  • Cisco MDS 9000 Series Multilayer Switches

Known Affected Releases


Description (partial)

MDS 95xx versions prior to the 5.0(1) release ship with an Apache HTTP server. Some versions of the Apache web server enable the HTTP TRACE and TRACK methods on the switch, exposing an XST (cross-site tracing) vulnerability.

The HTTP service is enabled on the device.

Disable the HTTP service with the "no feature http" command.

This bug fix replaces the Apache HTTP server with the thttpd server, which does not exhibit this vulnerability.
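
To confirm the workaround or the fixed release on a switch you administer, the following added example (not Cisco's code) sends TRACE and TRACK requests carrying a random marker header and reports whether the server echoes the marker back. The function names and the `X-Trace-Probe` header are assumptions made for this example.

```python
import http.client
import sys
import uuid


def classify(status, body, marker):
    """Map one response to a finding for a TRACE/TRACK probe."""
    if 200 <= status < 300 and marker in body:
        return "echoed"    # request headers reflected back: the XST condition
    if 200 <= status < 300:
        return "allowed"   # method accepted without an echo; review by hand
    return "rejected"      # e.g. 403, 405 or 501: method not served


def probe_method(host, port, method, timeout=5):
    """Send one request with a random marker header and classify the reply."""
    marker = uuid.uuid4().hex
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        # X-Trace-Probe is a hypothetical header name chosen for this example.
        conn.request(method, "/", headers={"X-Trace-Probe": marker})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        return classify(resp.status, body, marker)
    except (OSError, http.client.HTTPException):
        # Nothing answered, as expected once "no feature http" is applied.
        return "unreachable"
    finally:
        conn.close()


def audit(host, port=80):
    """Probe both methods named in the bug and return {method: finding}."""
    return {m: probe_method(host, port, m) for m in ("TRACE", "TRACK")}


if __name__ == "__main__":
    # Usage: python3 xst_check.py <management-ip> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    for method, finding in audit(target, port).items():
        print(f"{method}: {finding}")
```

A result of `echoed` for either method means the server still reflects request headers; `rejected` or `unreachable` for both is the expected state after the fix or the workaround.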

Bug details contain sensitive information and therefore require an account to be viewed.
