All the vulnerabilites related to cisco - jabber_extensible_communications_platform
cve-2011-3287
Vulnerability from cvelistv5
Published
2011-10-06 10:00
Modified
2024-09-17 01:00
Severity ?
EPSS score ?
Summary
Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110928 Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-06T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20110928 Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-3287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110928 Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-3287",
"datePublished": "2011-10-06T10:00:00Z",
"dateReserved": "2011-08-29T00:00:00Z",
"dateUpdated": "2024-09-17T01:00:41.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3935
Vulnerability from cvelistv5
Published
2012-09-12 23:00
Modified
2024-08-06 20:21
Severity ?
EPSS score ?
Summary
Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78457 | vdb-entry, x_refsource_XF | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id?1027520 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/85421 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/50562 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-presence-jabber-dos(78457)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78457"
},
{
"name": "20120912 Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp"
},
{
"name": "1027520",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027520"
},
{
"name": "85421",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/85421"
},
{
"name": "50562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50562"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-presence-jabber-dos(78457)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78457"
},
{
"name": "20120912 Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp"
},
{
"name": "1027520",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027520"
},
{
"name": "85421",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/85421"
},
{
"name": "50562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50562"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-presence-jabber-dos(78457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78457"
},
{
"name": "20120912 Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp"
},
{
"name": "1027520",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027520"
},
{
"name": "85421",
"refsource": "OSVDB",
"url": "http://osvdb.org/85421"
},
{
"name": "50562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50562"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-3935",
"datePublished": "2012-09-12T23:00:00",
"dateReserved": "2012-07-10T00:00:00",
"dateUpdated": "2024-08-06T20:21:04.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1187
Vulnerability from cvelistv5
Published
2013-04-16 10:00
Modified
2024-09-17 01:15
Severity ?
EPSS score ?
Summary
The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1187 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130411 Cisco Jabber Extensible Communications Platform Connection Manager Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1187"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-16T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130411 Cisco Jabber Extensible Communications Platform Connection Manager Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1187"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130411 Cisco Jabber Extensible Communications Platform Connection Manager Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1187"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1187",
"datePublished": "2013-04-16T10:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-17T01:15:31.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-10-06 10:55
Modified
2024-11-21 01:30
Severity ?
Summary
Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:jabber_extensible_communications_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FD4081C-693D-428E-BAA3-CD84FA32CAA9",
"versionEndIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:jabber_extensible_communications_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D89D6B4A-5A22-4B72-ADAA-60BDC278BCE8",
"versionEndIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_extensible_communications_platform:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2AB986-DA30-4DA7-8894-14D9579E7734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_extensible_communications_platform:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E07317-7E24-4455-9BBC-CF0C9B3F17FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:jabber_extensible_communications_platform:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7967087-068F-4AC9-A7D5-7A493202D718",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564."
},
{
"lang": "es",
"value": "Cisco Jabber Extensible Communications Platform (tambi\u00e9n conocido como Jabber XCP) v2.x hasta la v5.4.x antes de v5.4.0.27581 y v5.8.x antes de v5.8.1.27561 no detecta correctamente la recursividad durante la expansi\u00f3n de la entidad, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y CPU, y finalmente la ca\u00edda del proceso) a trav\u00e9s de un documento XML debidamente modificado que contiene un gran n\u00famero de referencias a entidades anidadas. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCtq78106. Es un problema similar a CVE-2003-1564."
}
],
"id": "CVE-2011-3287",
"lastModified": "2024-11-21T01:30:11.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-06T10:55:05.050",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-16 14:04
Modified
2024-11-21 01:49
Severity ?
Summary
The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | jabber_extensible_communications_platform | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:jabber_extensible_communications_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FC7F2F-FD4A-442D-95E5-2E25E6C95250",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762."
},
{
"lang": "es",
"value": "El Connection Manager en Cisco Jabber Extensible Communications Platform (tambi\u00e9n conocido como Jabber XCP) no valida correctamente datos de login, lo cual permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del servicio) mediante el envio de una serie de paquetes de login malformados, tambi\u00e9n conocido como Bug ID CSCts76762."
}
],
"id": "CVE-2013-1187",
"lastModified": "2024-11-21T01:49:04.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-16T14:04:30.907",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1187"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-12 23:55
Modified
2024-11-21 01:41
Severity ?
Summary
Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF489778-059A-4D9C-A892-3695BC0795BB",
"versionEndIncluding": "8.6\\(2\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53DFD5A1-33C9-45E5-B7B9-2B1FAA840ED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9B1A89-6A54-4BA7-9980-3EB46C650FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4EBA6C36-8B78-45DF-B73E-326F6C72B6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F7358448-71EA-49E7-BAAD-30B3F82C5A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D425ACC6-F347-4106-8E1C-B95E9D82C21A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2EBDC5EE-18F6-4C98-B815-1E14351EAD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "309E650A-7907-4E57-B571-4B072E62A1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "10AD3A1E-D9A2-4B90-A09A-2596B09B2F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9122B9CF-CDB8-448E-B9E4-6613D4B401BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0_1:*:*:*:*:*:*:*",
"matchCriteriaId": "36C86548-FAC6-49A3-9D3B-3107A7916086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0_2:*:*:*:*:*:*:*",
"matchCriteriaId": "49F5F5FC-E41A-46F2-B168-FDF48F56ACBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D88C06B5-BD50-4A43-9B51-5D3D91F691F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "194B6B31-58FD-42F9-BAAD-6D539D2DE445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "61B1C092-C3D4-4BCF-8F16-27978150076A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "01BD934F-DC42-43CF-8B69-1B98D2CE5787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "94BB2FB8-F54D-42B0-B8D9-37253D8A7794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6CE37DDB-11FC-41B5-A9CB-60825ED8EC21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "325098C4-4AA0-43CF-A421-126D8BC05661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA453950-82A8-4374-8655-B3C7662074AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "202EB97F-B4D4-4269-9FE6-E11A637C2C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(9\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4C8B9CA0-3F44-4B5C-A8EE-BD8BC90FD076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7915D1A-5B9C-4D72-A6A8-C77BBDE40F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CF088815-90E1-4A74-9EF2-BC3F0C8CFEF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A8F1A6C5-5150-4080-AE51-36432DC293E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1A5D87B2-E85D-4A28-9EFF-9408FDB35B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "60A36A8C-4CDD-4251-82F5-083C5BA1132A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C7329B46-66E8-4429-8664-8DB94DBD3134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:8.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7320D823-9FCA-4624-8F94-FB2A6081BA87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:8.5\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "26D3FA4B-E9A5-413B-B13D-61EE62AA0444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:8.5\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AACEEBD1-DB8B-457B-9E18-6BC1E8BD6B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence:8.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "67F1CFA0-8D7C-4CA3-8E44-9B1BA94E8FB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:jabber_extensible_communications_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05E13F0E-2877-4D62-B1B7-6A57BEA5E29F",
"versionEndIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832."
},
{
"lang": "es",
"value": "Cisco Unified Presence (CUP) antes de v8.6 (3) y Jabber Extensible Communications Platform (tambi\u00e9n conocido como Jabber XCP) antes de v5.3, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso) a trav\u00e9s de una cabecera XMPP modificada, tambi\u00e9n conocido como Bug ID CSCtu32832."
}
],
"id": "CVE-2012-3935",
"lastModified": "2024-11-21T01:41:49.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-12T23:55:00.807",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/85421"
},
{
"source": "ykramarz@cisco.com",
"url": "http://secunia.com/advisories/50562"
},
{
"source": "ykramarz@cisco.com",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id?1027520"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/85421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78457"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}