[c-nsp] Vulnerabilities in HTTP server on Catalyst Switches
Lars Erik Gullerud
lerik at nolink.net
Thu Jun 9 12:29:15 EDT 2005
On Thu, 9 Jun 2005, John Neiberger wrote:
>
> Can any of you think of a good reason to leave the http server on a
> Catalyst switch turned off? I understand that it's best to leave
> services turned off if you don't need them, but what if you want to
> use Cisco Network Assistant, for example, and that requires you to
> turn on the http server?
Based on the track record of the IOS http server when it comes to
vulnerabilities, I'd be inclined to agree with your security admin unless
the switch is sitting in a very protected network environment. In
fact, we don't have a single Cisco device with the http server enabled
anywhere, and I believe most of the network engineers would riot if
someone suggested turning it on. :)
/leg