Cisco: CISCO-SA-20120912-CUPXCP
Sep 12, 2012 - 4:00 p.m.

Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability

2012-09-12 16:00:00
tools.cisco.com

CVSS2: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

EPSS: 0.012
Percentile: 85.1%

A denial of service (DoS) vulnerability exists in Cisco Unified Presence and Jabber Extensible Communications Platform (Jabber XCP). An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted Extensible Messaging and Presence Protocol (XMPP) stream header to an affected server. Successful exploitation of this vulnerability could cause the Connection Manager process to crash. Repeated exploitation could result in a sustained DoS condition.

There are no workarounds available to mitigate exploitation of this vulnerability.

Cisco has released software updates that address this vulnerability. This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp

Affected configurations

Node: cisco unified_presence_server (match: any) OR cisco jabber_extensible_communications_platform (match: any)

Vendor | Product | Version | CPE
cisco | unified_presence_server | any | cpe:2.3:a:cisco:unified_presence_server:any:*:*:*:*:*:*:*
cisco | jabber_extensible_communications_platform | any | cpe:2.3:a:cisco:jabber_extensible_communications_platform:any:*:*:*:*:*:*:*
