This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2009-10-16
Product Unified Presence Server Last view 2011-08-29
Version 6.0(4) Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:cisco:unified_presence_server

Activity : Overall

Related : CVE

  Date Alert Description
10 2011-08-29 CVE-2011-1643

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.

7.8 2010-08-26 CVE-2010-2840

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.

7.8 2010-08-26 CVE-2010-2839

SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.

7.8 2009-10-16 CVE-2009-2874

The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-399 Resource Management Errors
33% (1) CWE-200 Information Exposure
33% (1) CWE-20 Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147 XML Ping of Death
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message

Open Source Vulnerability Database (OSVDB)

id Description
74779 Cisco Multiple Products Open Query Interface Remote Information Disclosure
67560 Cisco Unified Presence Engine Service Malformed SIP SUBSCRIBE Message Remote DoS
67559 Cisco Unified Presence SIPD Malformed SIP Message Remote DoS
59057 Cisco Unified Presence TimesTenD TCP Connection Saturation Remote DoS