Summary
Detail | | | |
---|---|---|---|
Vendor | Cisco | First view | 2011-10-06 |
Product | Unified Presence | Last view | 2012-09-12 |
Version | 7.0(1) | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:cisco:unified_presence | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.8 | 2012-09-12 | CVE-2012-3935 | Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832. |
7.5 | 2011-10-06 | CVE-2011-3288 | Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') |
50% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
75929 | Cisco Unified Presence Nested XML Request Parsing Memory Consumption Remote DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-08-16 | Name: The remote host is missing a vendor-supplied security patch. File: cisco-sa-20120912-cupxcp.nasl - Type: ACT_GATHER_INFO |