Cisco Unified Presence Server Web Interface SQL Injection Vulnerability

Source: Internet
Author: User

Release date:
Updated on:

Affected Systems:
Cisco Unified Presence Server 8.6 (4)
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64551
CVE (CAN) ID: CVE-2013-6983

Cisco Unified Presence is an enterprise-level platform driven by Jabber XMPP. It can collect information about user availability and communication functions to provide Unified user network status, provides support for Cisco Unified Communications and key business applications based on network status.

A security vulnerability exists in the Web interface of Cisco uniied Presence Server 8.6 (4), which allows authenticated remote attackers to affect the confidentiality, integrity, and availability of the affected system. This vulnerability is caused by the failure to correctly verify user input in the SQL query. Attackers exploit this vulnerability through specially crafted URLs, including SQL statements.

<* Source: Cisco

Link: http://secunia.com/advisories/56273
Http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Cisco
-----
Cisco has released a Security Bulletin (CVE-2013-6983) and patches for this:
CVE-2013-6983: Cisco uniied Presence Server SQL Injection Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.