Executive Summary
| Summary | |
|---|---|
| Title | Cisco Prime Service Catalog XML External Entity Processing Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20150128-psc-xmlee | First vendor Publication | 2015-01-28 |
| Vendor | Cisco | Last vendor Modification | 2015-01-28 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:C/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 7.8 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive data stored on the host operating system or cause system resource consumption that could cause a denial of service condition. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJUyQx+AAoJEIpI1I6i1Mx3odMP/jz2w79smwN6h1FDcURnc0kW 1399pHnEFDOrzh2OcGMh++P77Efd8cBEwFctX4yhddMbK6qxQAudR2TqCUz7AS0X /f4uRCn1nESPbMGyH89wC0QsEyy7vK+HWPr5g0DhUNYZz1lhzVSFiju0MpNhB9Rj gJlEspPOhMpIvdgqa4t8Nw3D6TH/bSyPiSJs4k80G+LR6JP2XtbJ7jfoqhtheZUE 4Dk0jCRjoxsy2eIwN83GECFY+Efk5zLalCa6Np4WTCEqdaKYF8nCGTit+9NQTGqN wG7IGmgoIcptSnr1AQ3p/b6fidWOeO+iys95VV/rrJyjjv3TntX5mi4PapIqK2jf d3bZNipx3rz70GYhFKT4QjLrQExfqY4ZO/MbYcPAtbd9dZc9rmBFRaosV7gWw/9b BhP/r4b1z0hr4JXqXJAiwkt/aIvLd78tvXG4j5WXVn8gTAFTypDcxGB6HBx91CTS dVe8vwCEjn4DouKfU202pvy8zW2Zb+cIa6+OCW/j68GgdeYoiFX4wkq+8ZErfrg9 0zfAxxwiQ68EY6GOigrmX3iqB5hanSuOaO5crRGV/lGph7XZL+r7UVfXufyIXO29 l0ReYyq8xavf215w2f9QR3k8eaB8ACIjsnpgUc+VtVLGGR/wAnX3M9ASzjEI4QlZ TP2rdOXiw+hRrKt6uAzn =NTRk END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 5 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-01-31 | Cisco Prime Services Catalog XML external entity injection attempt RuleID : 33229 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
| Date | Informations |
|---|---|
| 2015-01-31 21:23:52 |
|
| 2015-01-29 21:29:41 |
|
| 2015-01-28 21:23:38 |
|
