cvelistv5 - cve-2016-1343

CVE-2016-1343 (GCVE-0-2016-1343)

Vulnerability from cvelistv5 – Published: 2016-04-30 10:00 – Updated: 2024-08-05 22:55

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

http://tools.cisco.com/security/center/content/Ci…

vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160428 Cisco Information Server XML Parser Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-04-30T01:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160428 Cisco Information Server XML Parser Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1343",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160428 Cisco Information Server XML Parser Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1343",
    "datePublished": "2016-04-30T10:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:information_server:6.2_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74781EB9-52DD-4580-8366-B2059150F619\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.\"}, {\"lang\": \"es\", \"value\": \"El int\\u00e9rprete XML en Cisco Information Server (CIS) 6.2 permite a atacantes remotos leer archivos arbitrarios o provocar una denegaci\\u00f3n de servicio (consumo de CPU y memoria) a trav\\u00e9s de una declaraci\\u00f3n de entidad externa en conjunci\\u00f3n con una referencia a entidad, relacionado con aun problema XML External Entity (XXE), tambi\\u00e9n conocida como Bug ID CSCuy39059.\"}]",
      "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
      "id": "CVE-2016-1343",
      "lastModified": "2024-11-21T02:46:13.297",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.8}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-04-30T10:59:04.643",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1343\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-04-30T10:59:04.643\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.\"},{\"lang\":\"es\",\"value\":\"El int\u00e9rprete XML en Cisco Information Server (CIS) 6.2 permite a atacantes remotos leer archivos arbitrarios o provocar una denegaci\u00f3n de servicio (consumo de CPU y memoria) a trav\u00e9s de una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia a entidad, relacionado con aun problema XML External Entity (XXE), tambi\u00e9n conocida como Bug ID CSCuy39059.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.8}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:information_server:6.2_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74781EB9-52DD-4580-8366-B2059150F619\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/611.html\\\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e\"}}"
  }
}

GSD-2016-1343

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-1343

Aliases

CVE-2016-1343

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1343",
    "description": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.",
    "id": "GSD-2016-1343"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1343"
      ],
      "details": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.",
      "id": "GSD-2016-1343",
      "modified": "2023-12-13T01:21:24.894623Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-1343",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160428 Cisco Information Server XML Parser Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:information_server:6.2_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1343"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160428 Cisco Information Server XML Parser Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.8
        }
      },
      "lastModifiedDate": "2016-05-04T20:14Z",
      "publishedDate": "2016-04-30T10:59Z"
    }
  }
}

CERTFR-2016-AVI-153

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco WebEx Meetings Server version 2.6
Cisco	N/A	Cisco Prime Collaboration Assurance Software versions 10.5 à 11.0
Cisco	N/A	Cisco Finesse
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 6.0.x antérieures à 6.0.1
Cisco	N/A	Cisco APIC-EM version 1.0(1)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x antérieures à 5.3.1.7
Cisco	N/A	Cisco FirePOWER versions 5.3.x antérieures à 5.3.0.7
Cisco	N/A	Voir sur le site du constructeur pour les systèmes affectés par les vulnérabilités du Network Time Protocol Daemon (cf. section Documentation)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x antérieures à 5.4.1.6
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x antérieures à 5.4.0.7
Cisco	N/A	Cisco Information Server version 6.2
Cisco	N/A	Cisco FirePOWER versions 5.4.x antérieures à 5.4.0.4
Cisco	N/A	Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical exécutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 03 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 04 mai 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco WebEx Meetings Server version 2.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Collaboration Assurance Software versions 10.5 \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 6.0.x ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC-EM version 1.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x ant\u00e9rieures \u00e0 5.3.1.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.3.x ant\u00e9rieures \u00e0 5.3.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Voir sur le site du constructeur pour les syst\u00e8mes affect\u00e9s par les vuln\u00e9rabilit\u00e9s du Network Time Protocol Daemon (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x ant\u00e9rieures \u00e0 5.4.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Information Server version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical ex\u00e9cutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
    },
    {
      "name": "CVE-2016-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1387"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-1550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
    },
    {
      "name": "CVE-2016-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1343"
    },
    {
      "name": "CVE-2016-1549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1549"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-1368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1368"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1551"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-1373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1373"
    },
    {
      "name": "CVE-2016-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1392"
    },
    {
      "name": "CVE-2016-2516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
    },
    {
      "name": "CVE-2016-2518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2518"
    },
    {
      "name": "CVE-2016-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2519"
    },
    {
      "name": "CVE-2016-1369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1369"
    },
    {
      "name": "CVE-2015-7704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7704"
    },
    {
      "name": "CVE-2016-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2517"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1386"
    },
    {
      "name": "CVE-2016-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1389"
    },
    {
      "name": "CVE-2016-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du    04 mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
    }
  ],
  "reference": "CERTFR-2016-AVI-153",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 03 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04 mai 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-153

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco WebEx Meetings Server version 2.6
Cisco	N/A	Cisco Prime Collaboration Assurance Software versions 10.5 à 11.0
Cisco	N/A	Cisco Finesse
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 6.0.x antérieures à 6.0.1
Cisco	N/A	Cisco APIC-EM version 1.0(1)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x antérieures à 5.3.1.7
Cisco	N/A	Cisco FirePOWER versions 5.3.x antérieures à 5.3.0.7
Cisco	N/A	Voir sur le site du constructeur pour les systèmes affectés par les vulnérabilités du Network Time Protocol Daemon (cf. section Documentation)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x antérieures à 5.4.1.6
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x antérieures à 5.4.0.7
Cisco	N/A	Cisco Information Server version 6.2
Cisco	N/A	Cisco FirePOWER versions 5.4.x antérieures à 5.4.0.4
Cisco	N/A	Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical exécutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 03 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 04 mai 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco WebEx Meetings Server version 2.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Collaboration Assurance Software versions 10.5 \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 6.0.x ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC-EM version 1.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x ant\u00e9rieures \u00e0 5.3.1.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.3.x ant\u00e9rieures \u00e0 5.3.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Voir sur le site du constructeur pour les syst\u00e8mes affect\u00e9s par les vuln\u00e9rabilit\u00e9s du Network Time Protocol Daemon (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x ant\u00e9rieures \u00e0 5.4.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Information Server version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical ex\u00e9cutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
    },
    {
      "name": "CVE-2016-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1387"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-1550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
    },
    {
      "name": "CVE-2016-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1343"
    },
    {
      "name": "CVE-2016-1549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1549"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-1368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1368"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1551"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-1373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1373"
    },
    {
      "name": "CVE-2016-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1392"
    },
    {
      "name": "CVE-2016-2516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
    },
    {
      "name": "CVE-2016-2518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2518"
    },
    {
      "name": "CVE-2016-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2519"
    },
    {
      "name": "CVE-2016-1369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1369"
    },
    {
      "name": "CVE-2015-7704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7704"
    },
    {
      "name": "CVE-2016-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2517"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1386"
    },
    {
      "name": "CVE-2016-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1389"
    },
    {
      "name": "CVE-2016-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du    04 mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
    }
  ],
  "reference": "CERTFR-2016-AVI-153",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 03 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04 mai 2016",
      "url": null
    }
  ]
}

CNVD-2016-02750

Vulnerability from cnvd - Published: 2016-05-05

Title

Cisco Information Server XML解析器拒绝服务漏洞

Description

Cisco Information Server是一个思科数据虚拟化套件的基础，是基于Java的信息服务器。 Cisco Information Server的XML解析器的默认配置解析XML文件时未能正确处理XML外部实体，允许远程攻击者可通过提交特制的XML头获取敏感信息，进行拒绝服务攻击。

Severity

中

Patch Name

Cisco Information Server XML解析器拒绝服务漏洞的补丁

Patch Description

Cisco Information Server是一个思科数据虚拟化套件的基础，是基于Java的信息服务器。 Cisco Information Server的XML解析器的默认配置解析XML文件时未能正确处理XML外部实体，允许远程攻击者可通过提交特制的XML头获取敏感信息，进行拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis

Impacted products

Name
Cisco Information Server Release 6.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1343"
    }
  },
  "description": "Cisco Information Server\u662f\u4e00\u4e2a\u601d\u79d1\u6570\u636e\u865a\u62df\u5316\u5957\u4ef6\u7684\u57fa\u7840\uff0c\u662f\u57fa\u4e8eJava\u7684\u4fe1\u606f\u670d\u52a1\u5668\u3002\r\n\r\nCisco Information Server\u7684XML\u89e3\u6790\u5668\u7684\u9ed8\u8ba4\u914d\u7f6e\u89e3\u6790XML\u6587\u4ef6\u65f6\u672a\u80fd\u6b63\u786e\u5904\u7406XML\u5916\u90e8\u5b9e\u4f53\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684XML\u5934\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02750",
  "openTime": "2016-05-05",
  "patchDescription": "Cisco Information Server\u662f\u4e00\u4e2a\u601d\u79d1\u6570\u636e\u865a\u62df\u5316\u5957\u4ef6\u7684\u57fa\u7840\uff0c\u662f\u57fa\u4e8eJava\u7684\u4fe1\u606f\u670d\u52a1\u5668\u3002\r\n\r\nCisco Information Server\u7684XML\u89e3\u6790\u5668\u7684\u9ed8\u8ba4\u914d\u7f6e\u89e3\u6790XML\u6587\u4ef6\u65f6\u672a\u80fd\u6b63\u786e\u5904\u7406XML\u5916\u90e8\u5b9e\u4f53\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684XML\u5934\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Information Server XML\u89e3\u6790\u5668\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco  Information Server Release 6.2"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis",
  "serverity": "\u4e2d",
  "submitTime": "2016-04-30",
  "title": "Cisco Information Server XML\u89e3\u6790\u5668\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

VAR-201604-0051

Vulnerability from variot - Updated: 2023-12-18 13:29

The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059. (CPU Resource and memory consumption ) There are vulnerabilities that are put into a state. This case XML External entity (XXE) Vulnerability related to the problem. Vendors have confirmed this vulnerability Bug ID CSCuy39059 It is released as. Supplementary information : CWE Vulnerability type by CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (XML Inappropriate restrictions on external entity references ) Has been identified. Cisco Information Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial of service condition on a targeted system

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0051",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "information server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.2_base"
      },
      {
        "model": "information server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002411"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-626"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:information_server:6.2_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1343"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported the issue.",
    "sources": [
      {
        "db": "BID",
        "id": "89109"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-1343",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-1343",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-90162",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.8,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 10.0,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-1343",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1343",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-626",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90162",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-1343",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90162"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002411"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-626"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059. (CPU Resource and memory consumption ) There are vulnerabilities that are put into a state. This case XML External entity (XXE) Vulnerability related to the problem. Vendors have confirmed this vulnerability Bug ID CSCuy39059 It is released as. Supplementary information : CWE Vulnerability type by CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) (XML Inappropriate restrictions on external entity references ) Has been identified. Cisco Information Server is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial of service condition on a targeted system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002411"
      },
      {
        "db": "BID",
        "id": "89109"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90162"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1343"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1343",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002411",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-626",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "89109",
        "trust": 0.5
      },
      {
        "db": "VULHUB",
        "id": "VHN-90162",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1343",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90162"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1343"
      },
      {
        "db": "BID",
        "id": "89109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002411"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-626"
      }
    ]
  },
  "id": "VAR-201604-0051",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90162"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:29:30.114000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160428-cis",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-cis"
      },
      {
        "title": "Cisco Information Server XML Remediation measures for resolver security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61308"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-626"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002411"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1343"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-cis"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1343"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1343"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.compositesw.com/products-services/information-server/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/89109"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90162"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1343"
      },
      {
        "db": "BID",
        "id": "89109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002411"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-626"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90162"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1343"
      },
      {
        "db": "BID",
        "id": "89109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002411"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-626"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90162"
      },
      {
        "date": "2016-04-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1343"
      },
      {
        "date": "2016-04-28T00:00:00",
        "db": "BID",
        "id": "89109"
      },
      {
        "date": "2016-05-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002411"
      },
      {
        "date": "2016-04-30T10:59:04.643000",
        "db": "NVD",
        "id": "CVE-2016-1343"
      },
      {
        "date": "2016-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-626"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90162"
      },
      {
        "date": "2016-05-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1343"
      },
      {
        "date": "2016-04-28T00:00:00",
        "db": "BID",
        "id": "89109"
      },
      {
        "date": "2016-05-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002411"
      },
      {
        "date": "2016-05-04T20:14:52.593000",
        "db": "NVD",
        "id": "CVE-2016-1343"
      },
      {
        "date": "2016-05-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-626"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-626"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Information Server of  XML Vulnerability in parser to read arbitrary files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002411"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-626"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2016-1343

Vulnerability from fkie_nvd - Published: 2016-04-30 10:59 - Updated: 2025-04-12 10:46

Severity ?

10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	information_server	6.2_base

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:information_server:6.2_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "74781EB9-52DD-4580-8366-B2059150F619",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059."
    },
    {
      "lang": "es",
      "value": "El int\u00e9rprete XML en Cisco Information Server (CIS) 6.2 permite a atacantes remotos leer archivos arbitrarios o provocar una denegaci\u00f3n de servicio (consumo de CPU y memoria) a trav\u00e9s de una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia a entidad, relacionado con aun problema XML External Entity (XXE), tambi\u00e9n conocida como Bug ID CSCuy39059."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
  "id": "CVE-2016-1343",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.8,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-30T10:59:04.643",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-PQ6G-9M54-7J2H

Vulnerability from github – Published: 2022-05-17 03:56 – Updated: 2022-05-17 03:56

Details

Severity ?

10.0 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1343"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-04-30T10:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.",
  "id": "GHSA-pq6g-9m54-7j2h",
  "modified": "2022-05-17T03:56:07Z",
  "published": "2022-05-17T03:56:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1343"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1343 (GCVE-0-2016-1343)

GSD-2016-1343

CERTFR-2016-AVI-153

Solution

CERTFR-2016-AVI-153

Solution

CNVD-2016-02750

VAR-201604-0051

FKIE_CVE-2016-1343

GHSA-PQ6G-9M54-7J2H

Tags

Sightings

Nomenclature