Cisco Bug: CSCuo74457 - IPS EAF should never remove deny actions from normalizer signatures

Last Modified

Jun 16, 2015

Products (17)

  • Cisco IPS 4200 Series Sensors
  • Cisco ASA 5555-X IPS Security Services Processor
  • Cisco IPS 4255 Sensor
  • Cisco IPS 4260 Sensor
  • Cisco IPS 4270-20 Sensor
  • Cisco IPS 4345 Sensor
  • Cisco IPS 4520 Sensor
  • Cisco ASA 5525-X IPS Security Services Processor
  • Cisco ASA 5545-X IPS Security Services Processor
  • Cisco IPS 4510 Sensor

Known Affected Releases

7.1(8)E4 7.3(2)E4

Description (partial)

Symptom:
TCP traffic streams can be affected if IPS Event Action Filters (EAF) are configured to remove deny actions from IPS normalizer signatures. All traffic over the affected stream stops.

Conditions:
This issue was first found in 7.1(8) and was also seen in 7.2(3).

Such an Event Action Filter can look like this:

actions-to-remove request-block-connection|request-block-host|deny-attacker-inline|deny-attacker-service-pair-inline|deny-attacker-victim-pair-inline|deny-packet-inline|deny-connection-inline|reset-tcp-connection|produce-alert|produce-verbose-alert|request-rate-limit|request-snmp-trap