CVE-2011-0388

Sažetak

Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.

Reference

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml
http://www.securityfocus.com/bid/46523
http://www.securitytracker.com/id?1025113
http://www.securitytracker.com/id?1025114

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

09-04-2011 - 03:32

Objavljeno

25-02-2011 - 12:00