CVE-2003-0647
Description
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:* (range: <=12.2)
- (no CPE) (range: <=12.2)
Patches
Vulnerability mechanics
Root cause
"A buffer overflow vulnerability exists in the HTTP server component of Cisco IOS."
Attack vector
Remote attackers can trigger this vulnerability by sending an extremely long HTTP GET request, specifically 2 Gigabytes in size, to the affected device [ref_id=1]. This large request causes the buffer overflow, allowing for arbitrary code execution. The exploit requires the 'ip http server' service to be enabled on the target device [ref_id=1].
Affected code
The vulnerability lies within the HTTP server functionality of Cisco IOS versions 12.2 and earlier. The exploit code targets specific memory regions and utilizes shellcode tailored for different Cisco device models and IOS versions, indicating the overflow occurs during the processing of HTTP requests [ref_id=1].
What the fix does
The provided bundle does not contain information about a patch or specific remediation steps. The advisory suggests that the vulnerability is related to an integer overflow in the URL handling of the HTTP server, which can be exploited by sending a large amount of data [ref_id=1].
Preconditions
- config: The 'ip http server' service must be enabled on the Cisco IOS device.
- network: The target device must be accessible over the network via HTTP (port 80).
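An offline check of saved configurations against the two facts this record gives (affected range <=12.2 and the 'ip http server' precondition), added here as an example and not taken from the CVE record or from Cisco. The sample configs are constructed, the function names and status strings are hypothetical, and a config with no 'ip http server' line is assumed to mean the service is off.

```python
import re

# Upper bound of the affected range listed on this page (range: <=12.2).
AFFECTED_MAX = (12, 2)

# Constructed sample configs (not taken from any real device).
SAMPLE_AFFECTED = "version 12.2\nhostname edge-rtr-01\n!\nip http server\n!\nend\n"
SAMPLE_HARDENED = "version 12.2\nhostname edge-rtr-02\n!\nno ip http server\n!\nend\n"

def parse_train(config):
    """Return (major, minor) from the config's 'version X.Y' line, or None."""
    m = re.search(r"^version\s+(\d+)\.(\d+)\b", config, re.MULTILINE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def http_server_enabled(config):
    """True if the last global 'ip http server' statement is not negated.

    Assumption: no statement at all is treated as disabled; confirm the
    platform default on the device itself.
    """
    enabled = False
    for line in config.splitlines():
        # Global commands start in column 0; indented lines are sub-mode
        # commands and 'ip http secure-server' is a different service.
        m = re.fullmatch(r"(no\s+)?ip\s+http\s+server", line.rstrip())
        if m:
            enabled = m.group(1) is None
    return enabled

def audit(config):
    """Classify one saved config against this CVE's preconditions."""
    if not http_server_enabled(config):
        return "http-disabled"        # config precondition not met
    train = parse_train(config)
    if train is None:
        return "unknown-version"      # HTTP server on, release not stated
    return "affected" if train <= AFFECTED_MAX else "out-of-range"

if __name__ == "__main__":
    for name, cfg in (("affected", SAMPLE_AFFECTED), ("hardened", SAMPLE_HARDENED)):
        print(name, "->", audit(cfg))
```

A result of "affected" only means both listed conditions hold in the saved file; network reachability on port 80 still has to be checked separately.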
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml (nvd; Patch, Vendor Advisory)
- www.kb.cert.org/vuls/id/579324 (nvd; Patch, Third Party Advisory, US Government Resource)