Vulnerability: Denial of service in Cisco Unified Presence and Cisco Jabber XCP
Danger: middle
CVE ID: CVE-2012-3935
Remote: Yes
Local: No
Impact: Denial of service
Affected Products:
– Cisco Jabber Extensible Communications Platform (Jabber XCP) 5.x;
– Cisco Unified Presence 8.x.
Affected versions: Cisco Unified Presence version to 8.6 (3). Jabber XCP version to 5.3.
Description:
The vulnerability can be exploited to cause a DoS attack.
An error in the Extensible Messaging and Presence Protocol (XMPP) when processing headers of the incoming streams. A remote user can cause a DoS attack.
Manufacturer URL: http://www.cisco.com/en/US/products/ps10969/index.html
Solution: Install the latest version from the manufacturer.
links:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp