[c-nsp] Cisco Security Advisory: Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Sep 12 12:12:12 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Unified Presence and Jabber Extensible Communications Platform
Stream Header Denial of Service Vulnerability

Advisory ID: cisco-sa-20120912-cupxcp

Revision 1.0

For Public Release 2012 September 12 16:00  UTC (GMT)
+---------------------------------------------------------------------

Summary
=======

A denial of service (DoS) vulnerability exists in Cisco Unified
Presence and Jabber Extensible Communications Platform (Jabber XCP).
An unauthenticated, remote attacker could exploit this vulnerability
by sending a specially crafted Extensible Messaging and Presence
Protocol (XMPP) stream header to an affected server. Successful
exploitation of this vulnerability could cause the Connection Manager
process to crash.  Repeated exploitation could result in a sustained
DoS condition.

There are no workarounds available to mitigate exploitation of this
vulnerability.

Cisco has released free software updates that address this
vulnerability.  

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlBQmfoACgkQUddfH3/BbTr41QEAiEtU1YJmRk9YpE1gC5mlqWDN
nfdqWNCjaeDKfgnJjYYA/jqFNpCPCHjUL4Oon847zNnduIW2CY9SBrWc9g2iYLNL
=qvOa
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list