[c-nsp] Cisco Security Advisory: Cisco Prime Service Catalog XML External Entity Processing Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Jan 28 11:44:17 EST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Prime Service Catalog XML External Entity Processing Vulnerability

Advisory ID: cisco-sa-20150128-psc-xmlee

Revision 1.0

For Public Release 2015 January 28 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive data stored on the host operating system or cause system resource consumption that could cause a denial of service condition.

Cisco has released free software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJUyQx+AAoJEIpI1I6i1Mx3odMP/jz2w79smwN6h1FDcURnc0kW
1399pHnEFDOrzh2OcGMh++P77Efd8cBEwFctX4yhddMbK6qxQAudR2TqCUz7AS0X
/f4uRCn1nESPbMGyH89wC0QsEyy7vK+HWPr5g0DhUNYZz1lhzVSFiju0MpNhB9Rj
gJlEspPOhMpIvdgqa4t8Nw3D6TH/bSyPiSJs4k80G+LR6JP2XtbJ7jfoqhtheZUE
4Dk0jCRjoxsy2eIwN83GECFY+Efk5zLalCa6Np4WTCEqdaKYF8nCGTit+9NQTGqN
wG7IGmgoIcptSnr1AQ3p/b6fidWOeO+iys95VV/rrJyjjv3TntX5mi4PapIqK2jf
d3bZNipx3rz70GYhFKT4QjLrQExfqY4ZO/MbYcPAtbd9dZc9rmBFRaosV7gWw/9b
BhP/r4b1z0hr4JXqXJAiwkt/aIvLd78tvXG4j5WXVn8gTAFTypDcxGB6HBx91CTS
dVe8vwCEjn4DouKfU202pvy8zW2Zb+cIa6+OCW/j68GgdeYoiFX4wkq+8ZErfrg9
0zfAxxwiQ68EY6GOigrmX3iqB5hanSuOaO5crRGV/lGph7XZL+r7UVfXufyIXO29
l0ReYyq8xavf215w2f9QR3k8eaB8ACIjsnpgUc+VtVLGGR/wAnX3M9ASzjEI4QlZ
TP2rdOXiw+hRrKt6uAzn
=NTRk
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list