Executive Summary

Title: Cisco Prime Service Catalog XML External Entity Processing Vulnerability
Name: cisco-sa-20150128-psc-xmlee
First vendor Publication: 2015-01-28
Vendor: Cisco
Last vendor Modification: 2015-01-28
Severity (Vendor): N/A
Revision: 1.0

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:S/C:C/I:N/A:P)
Cvss Base Score: 7.5
Cvss Impact Score: 7.8
Cvss Exploit Score: 8
Attack Range: Network
Attack Complexity: Low
Authentication: Requires single instance


A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive data stored on the host operating system or cause system resource consumption that could cause a denial of service condition.

Cisco has released free software updates that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CPE : Common Platform Enumeration

Application 5

Snort® IPS/IDS

Date: 2015-01-31
Description: Cisco Prime Services Catalog XML external entity injection attempt
RuleID: 33229 - Revision: 1 - Type: SERVER-WEBAPP

Alert History

Date Information
2015-01-31 21:23:52
  • Multiple Updates
2015-01-29 21:29:41
  • Multiple Updates
2015-01-28 21:23:38
  • First insertion