Denial of service in Cisco Unified Presence and Cisco Jabber XCP

Posted: September 15, 2012 in Vulnerabilities
Tags: , ,

Cisco logoVulnerability: Denial of service in Cisco Unified Presence and Cisco Jabber XCP

Danger: middle
CVE ID: CVE-2012-3935
Remote:     Yes
Local:     No
Impact: Denial of service
Affected Products:

– Cisco Jabber Extensible Communications Platform (Jabber XCP) 5.x;
– Cisco Unified Presence 8.x.

Affected versions: Cisco Unified Presence version to 8.6 (3). Jabber XCP version to 5.3.

Description:

The vulnerability can be exploited to cause a DoS attack.

An error in the Extensible Messaging and Presence Protocol (XMPP) when processing headers of the incoming streams. A remote user can cause a DoS attack.

Manufacturer URL: http://www.cisco.com/en/US/products/ps10969/index.html

Solution: Install the latest version from the manufacturer.

links:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s