Executive Summary
Summary | |
---|---|
Title | Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20110928-xcpcupsxml | First vendor Publication | 2011-08-17 |
Vendor | Cisco | Last vendor Modification | 2011-09-28 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A denial of service (DoS) vulnerability exists in Jabber Extensible Communications Platform (Jabber XCP) and Cisco Unified Presence. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious XML to an affected server. Successful exploitation of this vulnerability could cause elevated memory and CPU utilization, resulting in memory exhaustion and process crashes. Repeated exploitation could result in a sustained DoS condition. There are no workarounds available to mitigate exploitation of this vulnerability.
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9 (...)
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') |
50 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75929 | Cisco Unified Presence Nested XML Request Parsing Memory Consumption Remote DoS |
75926 | Cisco Jabber Extensible Communications Platform XML Request Parsing Memory Co... |