This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2007-04-02
Product Unified Presence Server Last view 2009-10-16
Version 1.0(1) Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:cisco:unified_presence_server

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2009-10-16 CVE-2009-2874

The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.
7.8 2008-05-16 CVE-2008-1158

The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.
5 2007-07-15 CVE-2007-3776

Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.
7.8 2007-07-15 CVE-2007-3775

Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.
7.8 2007-04-02 CVE-2007-1834

Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698.
7.8 2007-04-02 CVE-2007-1826

Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-20 Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147 XML Ping of Death
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message

Open Source Vulnerability Database (OSVDB)

id Description
59057 Cisco Unified Presence TimesTenD TCP Connection Saturation Remote DoS
45219 Cisco Unified Presence Engine Service Malformed IP Packet Processing Remote D...
36124 Cisco CUCM / CUPS Unspecified SNMP Information Disclosure
36123 Cisco CUCM / CUPS Unspecified Cluster Services DoS
34919 Cisco Multiple Products Crafted UDP Packet Remote DoS
34594 Cisco CUCM / CUPS ICMP Echo Request Saturation DoS

OpenVAS Exploits

id Description
2009-10-13 Name : SLES10: Security update for Sun Java
File : nvt/sles10_java-1_4_2-sun1.nasl
2009-10-10 Name : SLES9: Security update for Java2
File : nvt/sles9p5023078.nasl

Nessus® Vulnerability Scanner

id Description
2008-04-04 Name: The remote openSUSE host is missing a security update.
File: suse_java-1_4_2-sun-5130.nasl - Type: ACT_GATHER_INFO
2008-04-04 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_java-1_4_2-sun-5131.nasl - Type: ACT_GATHER_INFO
2008-04-04 Name: The remote openSUSE host is missing a security update.
File: suse_java-1_5_0-sun-5133.nasl - Type: ACT_GATHER_INFO
2008-04-04 Name: The remote openSUSE host is missing a security update.
File: suse_java-1_6_0-sun-5132.nasl - Type: ACT_GATHER_INFO