Both IBM and Cisco are warning of vulnerabilities that remote attackers could exploit to cause denial of service and other problems. Administrators should apply available fixes to avoid security exposure.
IBM's HTTP Server is the latest victim of vulnerabilities due to OpenSSL flaws
A different vulnerability affects Cisco's Catalyst 6500 Series Switches and 7600 Series Internet Routers using the IP Security (IPSec) VPN Services Module (VPNSM). The VPNSM is a high-speed component that supplies infrastructure-integrated IPSec VPN services. Remote attackers using specially crafted Internet Key Exchange (IKE) packets can force the hardware to crash and reload, causing a denial of service.
The problem affects Cisco IOS versions 12.2SXA, 12.2SXB and 12.2SY using VPNSM. There are no workarounds to mitigate the problem, but Cisco is providing fixes. This issue with Cisco vulnerabilities is the latest of several in the past month.