This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Cisco | First view | 2011-10-06 |
| Product | Unified Presence | Last view | 2012-09-12 |
| Version | 7.0(1) | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:cisco:unified_presence | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2012-09-12 | CVE-2012-3935 | Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832. |
| 7.5 | 2011-10-06 | CVE-2011-3288 | Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') |
| 50% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 75929 | Cisco Unified Presence Nested XML Request Parsing Memory Consumption Remote DoS |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-08-16 | Name: The remote host is missing a vendor-supplied security patch. File: cisco-sa-20120912-cupxcp.nasl - Type: ACT_GATHER_INFO |
