Symptom
Cisco Cisco Nexus 1000V Switch includes a version of Apache that is affected by the vulnerabilities identified by the following Common
Vulnerability and Exposures (CVE) IDs:
CVE-2013-2249, CVE-2013-1862, CVE-2013-1896
CVE-2013-2249, CVE-2013-1896 do not apply to the configuration of Apache used in Nexus 1000v, however CVE-2013-1862 does and this bug was opened
to address the potential impact on this product.
Conditions
Device with default configuration.
Workaround
Not currently available.
Further Problem Description
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.1/5.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:H/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C&version=2.0
CVE ID CVE-2013-2249, CVE-2013-1862,CVE-2013-1896 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
