Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability

cisco-sa-20120912-cupxcp · High · Published · Updated

A denial of service (DoS) vulnerability exists in Cisco Unified Presence and Jabber Extensible Communications Platform (Jabber XCP). An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted Extensible Messaging and Presence Protocol (XMPP) stream header to an affected server. Successful exploitation of this vulnerability could cause the Connection Manager process to crash. Repeated exploitation could result in a sustained DoS condition. There are no workarounds available to mitigate exploitation of this vulnerability. Cisco has released software updates that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp


Workarounds

There are no available workarounds to mitigate this vulnerability.

Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document for this Advisory: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=26732

CVEs: CVE-2012-3935
Cisco Bug IDs: CSCtu32832
CVSS Score: Base 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C)
Product Names From Source: Cisco Unified Presence Server, Cisco Jabber Extensible Communications Platform (Jabber XCP)

Related Products

Product · CVE · Evidence
Cisco Unified Presence Server · CVE-2012-3935 · Cisco OpenVuln
Cisco Jabber Extensible Communications Platform (Jabber XCP) · CVE-2012-3935 · Cisco OpenVuln
Cisco Jabber · CVE-2012-3935 · Cisco OpenVuln