News

IBM and Cisco battle remote attack vulnerabilities

By

Edmund X. DeJesus, Contributing Writer

Published: 12 Apr 2004 1:00

Both IBM and Cisco are warning of vulnerabilities that remote attackers could exploit to cause denial of service and other problems. Administrators should apply available fixes to avoid security exposure.

IBM's HTTP Server is the latest victim of vulnerabilities due to OpenSSL flaws reported in November 2003. OpenSSL has flaws in handling invalid ASN.1 encodings that a remote attacker may leverage by using unusual ASN.1 tag values. The resulting deallocation of memory can allow denial of service and possible execution of arbitrary code.

The problem affects IBM HTTP Server versions 1.x and 2.x. IBM has provided fixes in the form of upgrades to version 1.3.x or 2.0.

A different vulnerability affects Cisco's Catalyst 6500 Series Switches and 7600 Series Internet Routers using the IP Security (IPSec) VPN Services Module (VPNSM). The VPNSM is a high-speed component that supplies infrastructure-integrated IPSec VPN services. Remote attackers using specially crafted Internet Key Exchange (IKE) packets can force the hardware to crash and reload, causing a denial of service.

The problem affects Cisco IOS versions 12.2SXA, 12.2SXB and 12.2SY using VPNSM. There are no workarounds to mitigate the problem, but Cisco is providing fixes. This issue with Cisco vulnerabilities is the latest of several in the past month.

Read more on IT risk management

Latest News

Download Computer Weekly

In The Current Issue:
- UK critical systems at risk from ‘digital divide’ created by AI threats
- UK at risk of Russian cyber and physical attacks as Ukraine seeks peace deal
- Standard Chartered grounds AI ambitions in data governance
Download Current Issue

Latest Blog Posts

Red Hat launches llm-d community & project – Open Source Insider
Mobile Pixels Glance monitor range – Inspect-a-Gadget
View All Blogs

Search CIO

Court to weigh divestiture in Google ad tech antitrust case
Forcing Google to divest assets in the DOJ's advertising market antitrust case against it will present a challenging issue to the...
Early-stage tech companies comb through data, software code
Software startups participating in the 2025 MIT Sloan CIO Symposium's Innovation Showcase take on the challenge of picking out ...
Proposed U.S. budget cuts raise fears about tech innovation
President Donald Trump's proposed FY 2026 budget slashes funding for federal agencies, including NSF and NIST, which support tech...

Search Security

How to create a remote access policy, with template
Remote work, while beneficial, presents numerous security risks. Help keep your organization's systems safe with a remote access ...
What is data risk management? Key risks and best practices
Data risk management identifies, assesses and mitigates threats to organizational data, safeguarding sensitive information from ...
Best practices for board-level cybersecurity oversight
Corporate boards must play an increasingly active role in overseeing cybersecurity strategies. Here's what they need to know, ...

Search Networking

How AIOps enables next-generation networking
As networks grow more complex, management becomes more difficult. AIOps can help network administrators transition to and manage ...
BGP routing: A configuration and troubleshooting tutorial
BGP is the internet's core routing protocol, enabling communication between ISPs and large networks. This guide covers its ...
Cisco Live 2025 conference coverage and analysis
Cisco Live 2025 will largely focus on the need to modernize infrastructure with AI capabilities. Use this guide to follow along ...

Search Data Center

Dell makes private cloud optionality a priority
Dell Technologies wants to enable automation and choice on its data center hardware, with third-party support for Dell NativeEdge...
Dell Technologies CEO expects AI ubiquity in the enterprise
Michael Dell says he anticipates smaller, focused AI deployments for enterprise applications, but IT experts foresee challenges ...
Dell Technologies pitches its hardware for AI data centers
Servers, networking and storage hardware take center stage at Dell Technologies World 2025, as well as a tightly integrated ...

Search Data Management

Alation boosts agentic AI with Numbers Station acquisition
The acquisition adds capabilities such as Chat that enable users to embed agents in workflows to complement the vendor's existing...
Addition of new AI capabilities shows Starburst's growth
The open source data lakehouse vendor continues to evolve beyond being a data mesh specialist with the additions of agentic tools...
Alteryx One launch aims to unify, simplify vendor's platform
The updated version of the data integration vendor's platform aims to make it easier to prepare data for AI and analytics, while ...

Close