Cisco Bug: CSCvh68532 - ucsm Slow HTTP Denial of Service Attack CVE-2012-5568

Last Modified

Aug 13, 2019

Products (1)

  • Cisco Unified Computing System

Known Affected Releases

3.2(1d)A

Description (partial)

Symptom:
Some security scanners may flag the UCSM HTTP service as affected by the vulnerability identified by the following Common Vulnerabilities and Exposures (CVE) ID: CVE-2012-5568

Conditions:
Apache is in use and has mod_reqtimeout configured.

CVE-2012-5568 is related to Apache Tomcat. Cisco UCSM doesn't use Apache Tomcat.

Cisco UCSM uses the Apache web server, not Tomcat. Since 3.1(3a), UCSM has had the following configuration:

<IfModule reqtimeout_module>
#LoadModule reqtimeout_module modules/mod_reqtimeout.so
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>

These settings were introduced via CSCuc73891 and CSCuu27759.

Even after this fix, some security scanners were flagging the device as vulnerable. Cisco has worked with the scanning companies and identified these findings as false positives.
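
As an added illustration (not Cisco's or Apache's code), the Python sketch below parses the RequestReadTimeout line quoted above and estimates when a connection that never finishes its headers or body is dropped. The function names, the constant-rate client and the continuous approximation of mod_reqtimeout's documented "extend the timeout by one second per MinRate bytes received" behaviour are assumptions made for the example.

```python
import re

# Directive exactly as quoted in the bug description above.
UCSM_DIRECTIVE = "RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500"

# stage=timeout[-maxtimeout][,MinRate=rate], per the mod_reqtimeout syntax.
_STAGE = re.compile(r"(handshake|header|body)=(\d+)(?:-(\d+))?(?:,MinRate=(\d+))?")

def parse_request_read_timeout(line):
    """Return {stage: (initial_s, max_s or None, min_rate_Bps or None)}."""
    name, _, args = line.strip().partition(" ")
    if name.lower() != "requestreadtimeout":
        raise ValueError("not a RequestReadTimeout directive")
    stages = {}
    for token in args.split():
        m = _STAGE.fullmatch(token)
        if not m:
            raise ValueError(f"unrecognised token: {token!r}")
        stage, initial, maximum, rate = m.groups()
        stages[stage] = (int(initial),
                         int(maximum) if maximum else None,
                         int(rate) if rate else None)
    return stages

def drop_deadline(stage_cfg, client_rate):
    """Seconds until the server abandons a stage that never completes.

    Simplified model (assumption): the client sends client_rate bytes/s
    continuously, and the timeout grows by 1 s per min_rate bytes received,
    never beyond max_s. Returns None when this directive alone sets no bound.
    """
    initial, maximum, min_rate = stage_cfg
    if not min_rate:                      # fixed timeout, no rate extension
        return float(initial)
    if client_rate >= min_rate:           # client meets the minimum rate
        return float(maximum) if maximum is not None else None
    # Solve t = initial + (client_rate * t) / min_rate for t.
    t = initial / (1 - client_rate / min_rate)
    return min(t, float(maximum)) if maximum is not None else t

if __name__ == "__main__":
    cfg = parse_request_read_timeout(UCSM_DIRECTIVE)
    for stage, stage_cfg in cfg.items():
        for rate in (0, 10, 250, 1000):   # constructed sample rates, bytes/s
            print(f"{stage:6} {rate:5} B/s -> {drop_deadline(stage_cfg, rate)}")
```

Under this model the header stage is always bounded (at most 40 seconds), while the body stage is bounded only for clients sending below 500 bytes per second.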