Detail
Vendor: Cisco
Product: Unified Presence
Version: 7.0(1)
Type: Application
First view: 2011-10-06
Last view: 2012-09-12
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:cisco:unified_presence

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2012-09-12 CVE-2012-3935

Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832.

7.5 2011-10-06 CVE-2011-3288

Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
75929 Cisco Unified Presence Nested XML Request Parsing Memory Consumption Remote DoS

Nessus® Vulnerability Scanner

id Description
2013-08-16 Name: The remote host is missing a vendor-supplied security patch.
File: cisco-sa-20120912-cupxcp.nasl - Type: ACT_GATHER_INFO