10-11-2012 12:52 PM
We had a PCI security audit of an existing VIP on our ACE 4710. The VIP is set up as HTTPS terminating on the ACE with an HTTP redirect for all 80 traffic. The audit reported this VIP was vulnerable to the Cisco "IOS HTTP Authorization Vulnerability", which basically states HTTP management is on this IOS device. It does not make any sense, as the VIP is pointed to a pair of IIS servers. Any ideas?
10-12-2012 10:14 AM
Chris-
There is no way to issue a command to the CLI of ACE by hitting a VIP, the tool is reporting a false positive.
Regards,
Chris Higgins
10-16-2012 12:09 PM
It turns out the webserver behind the VIP was returning a page when you sent an HTML GET to https://www.mysite.com/level/16/exec/-. This was being recorded as a security vulnerability. Thanks for the sanity check!
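One way to triage this kind of finding, as an added example that is not part of the original thread: compare the response to the flagged path with the response to a path that cannot exist on the site. The response dictionaries are constructed samples, the `cisco-IOS` Server value is an assumption about what an IOS HTTP server reports, and the function names and verdict strings are hypothetical.

```python
from difflib import SequenceMatcher

def header(resp, name):
    # HTTP header names are case-insensitive.
    return next((v for k, v in resp["headers"].items()
                 if k.lower() == name.lower()), "")

def triage(probe, baseline, threshold=0.9):
    """probe: response to GET /level/16/exec/-
    baseline: response from the same host to a random, nonexistent path."""
    if probe["status"] != 200:
        return "not_reproduced"
    # A server that answers 200 with the same page for any path is a
    # catch-all, so the 200 on the probe path says nothing about IOS.
    similarity = SequenceMatcher(None, probe["body"], baseline["body"]).ratio()
    if baseline["status"] == 200 and similarity >= threshold:
        return "false_positive_catch_all"
    # Assumption: an IOS HTTP server identifies itself as "cisco-IOS".
    if "cisco-ios" in header(probe, "Server").lower():
        return "investigate_ios_http_server"
    return "needs_manual_review"

# Constructed sample responses (not captured from any real host).
PAGE = "<html><body><h1>Welcome</h1><p>Default landing page</p></body></html>"
IIS_PROBE = {"status": 200, "headers": {"Server": "Microsoft-IIS/7.5"}, "body": PAGE}
IIS_BASELINE = {"status": 200, "headers": {"server": "Microsoft-IIS/7.5"}, "body": PAGE}
IOS_PROBE = {"status": 200, "headers": {"Server": "cisco-IOS"},
             "body": "<html><body>constructed placeholder output</body></html>"}
IOS_BASELINE = {"status": 404, "headers": {"Server": "cisco-IOS"}, "body": "Not Found"}
NOT_FOUND = {"status": 404, "headers": {}, "body": "Not Found"}

if __name__ == "__main__":
    print(triage(IIS_PROBE, IIS_BASELINE))
    print(triage(IOS_PROBE, IOS_BASELINE))
    print(triage(NOT_FOUND, NOT_FOUND))
```
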