Cisco Unified Presence and Jabber XCP XML Bomb Remote Denial of Service Vulnerability
Published: 2011-09-28
Updated: 2011-09-28
Affected systems:
Cisco Unified Presence Server
Cisco Jabber XCP 5.8
Cisco Jabber XCP 5.4
Cisco Jabber XCP 5.2
Cisco Jabber XCP 5.1
Cisco Jabber XCP 5.0
Cisco Jabber XCP 4.0
Cisco Jabber XCP 3.0
Cisco Jabber XCP 2.0
Unaffected systems:
Cisco Jabber XCP 5.8.1.27561
Cisco Jabber XCP 5.4.0.27581
Description:
BUGTRAQ ID: 49819
CVE ID: CVE-2011-3287
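Jabber XCP and Cisco Unified Presence provide an open, extensible platform that facilitates the secure exchange of availability and IM information.
The XML parser in Jabber XCP (including JabberNow appliances) and Cisco Unified Presence is affected by an exponential entity expansion vulnerability (also known as an XML bomb). A remote attacker can exploit it to make the parser or the underlying server hang or crash.
The attack combines certain XML attributes to create XML that is valid and malicious. When the XML parser attempts to expand all of the nested entities, all server resources are quickly exhausted.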
<*Source: Cisco
Link:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml
*>
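The resource exhaustion described above can be measured before any parsing happens. The following pre-parse check is an added example, not code from Cisco or from this advisory: it computes the fully expanded size of each internal general entity arithmetically and compares the total against a budget. The names `expanded_sizes` and `within_budget` and the 10,000-character default are assumptions, and parameter and external entities are out of scope.

```python
import re

# Internal general entity declarations: <!ENTITY name "value"> (or '...').
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.:-]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([\w.:-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # each expands to one character

# Constructed sample: three small nested entities, harmless at this depth.
SAMPLE = ('<?xml version="1.0"?>\n<!DOCTYPE msg [\n'
          '<!ENTITY e0 "ab">\n<!ENTITY e1 "&e0;&e0;&e0;">\n'
          '<!ENTITY e2 "&e1;&e1;&e1;">\n]>\n<msg>&e2;</msg>\n')


def expanded_sizes(xml_text):
    """Map each declared entity to its fully expanded length, computed
    arithmetically with memoization so nothing is ever expanded."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        decls.setdefault(m.group(1), value)  # XML: first declaration binds
    sizes, in_progress = {}, set()

    def size_of(name):
        if name in PREDEFINED:
            return 1
        if name in sizes:
            return sizes[name]
        if name not in decls:
            return 0  # undeclared: left for the real parser to reject
        if name in in_progress:
            raise ValueError("recursive entity reference: " + name)
        in_progress.add(name)
        value = decls[name]
        sizes[name] = len(ENTITY_REF.sub("", value)) + sum(
            size_of(ref) for ref in ENTITY_REF.findall(value))
        in_progress.discard(name)
        return sizes[name]

    for name in decls:
        size_of(name)
    return sizes


def within_budget(xml_text, max_expanded=10_000):
    """True if the text outside the declarations, with every entity
    reference expanded, would stay at or under max_expanded characters."""
    sizes = expanded_sizes(xml_text)
    rest = ENTITY_DECL.sub("", xml_text)
    total = len(ENTITY_REF.sub("", rest))
    for ref in ENTITY_REF.findall(rest):
        total += 1 if ref in PREDEFINED else sizes.get(ref, 0)
    return total <= max_expanded
```

Where the protocol permits it, refusing any document that carries a DOCTYPE is the simpler control; a size budget like this one suits inputs that must accept internal entities.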
Recommendation:
Vendor patch:
Cisco
-----
Cisco has released a security advisory (cisco-sa-20110928-xcpcupsxml) and corresponding patches for this issue:
cisco-sa-20110928-xcpcupsxml:Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability
Link:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml
This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.