This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Detail
Vendor Cisco First view 2011-10-06
Product Jabber Extensible Communications Platform Last view 2013-04-16
Version Type Application
Update  
Edition  
Language  
Software Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:cisco:jabber_extensible_communications_platform:-:*:*:*:*:*:*:* 3
cpe:2.3:a:cisco:jabber_extensible_communications_platform:5.0:*:*:*:*:*:*:* 2
cpe:2.3:a:cisco:jabber_extensible_communications_platform:5.2:*:*:*:*:*:*:* 2
cpe:2.3:a:cisco:jabber_extensible_communications_platform:5.1:*:*:*:*:*:*:* 2

Related : CVE

  Date Alert Description
5 2013-04-16 CVE-2013-1187

The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762.

7.8 2012-09-12 CVE-2012-3935

Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832.

7.8 2011-10-06 CVE-2011-3287

Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-399 Resource Management Errors
33% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
75926 Cisco Jabber Extensible Communications Platform XML Request Parsing Memory Co...

Nessus® Vulnerability Scanner

id Description
2013-08-16 Name: The remote host is missing a vendor-supplied security patch.
File: cisco-sa-20120912-cupxcp.nasl - Type: ACT_GATHER_INFO