This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Cisco | First view | 2010-08-26 |
| Product | Unified Presence Server | Last view | 2010-08-26 |
| Version | 6.0(5.1101-1) | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:cisco:unified_presence_server | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2010-08-26 | CVE-2010-2840 | The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629. |
| 7.8 | 2010-08-26 | CVE-2010-2839 | SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-399 | Resource Management Errors |
| 50% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 67560 | Cisco Unified Presence Engine Service Malformed SIP SUBSCRIBE Message Remote DoS |
| 67559 | Cisco Unified Presence SIPD Malformed SIP Message Remote DoS |
