Cisco emits 25 security bug fixes for IOS, takes second crack at patching WAN router SNAFUs

Anonymous Coward
Anonymous Coward

Bit of an understatement

"Found to be incomplete" is a bit of an understatement.

Ciscos "professional" (said very much in sarcasm) developers decided the best way to fix the problem was to drop HTTP requests if their User Agent field mentioned 'curl' (the library and cli utility).

They didn't seem to realise that's a user setting field. Trivially user settable (curl has the -A "I'm internet Eploder, really" option just for this).

