Cisco TelePresence Server Denial of Service Vulnerability (CVE-2015-6313)
Cisco TelePresence Server Denial of Service Vulnerability (CVE-2015-6313)
Release date:
Updated on:
Affected Systems:
Cisco TelePresence Server 4.1 (2.29)-4.2 (4.17)
Description:
CVE (CAN) ID: CVE-2015-6313
Cisco TelePresence is a Cisco TelePresence solution.
The HTTP resolution engine of Cisco TelePresence Server 4.1 (2.29)-4.2 (4.17) version fails to properly process the constructed URL, which can cause unauthenticated remote attackers to overload the affected device.
<* Source: Cisco
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20160406-cts1) and patches for this:
Cisco-sa-20160406-cts1: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1
This article permanently updates the link address: