Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Cisco Unified Communications Manager
дополнено с 27 апреля 2011 г.
Опубликовано:1 мая 2011 г.
Источник:
SecurityVulns ID:11632
Тип:удаленная
Уровень опасности:
6/10
Описание:DoS через SIP, обратный путь в каталогах, инъекция SQL.
Затронутые продукты:CISCO : Unified Communications Manager 6.1
 CISCO : Unified Communications Manager 7.1
 CISCO : Unified Communications Manager 8.0
 CISCO : Unified Communications Manager 8.5
CVE:CVE-2011-1610 (Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.)
 CVE-2011-1607 (Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.)
 CVE-2011-1606 (Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855.)
 CVE-2011-1605 (Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586.)
 CVE-2011-1604 (Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.)
Оригинальный текстdocumentZDI, ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability (01.05.2011)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager (27.04.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород