Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1610

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2011-1610
Last Modified 11 May 2011 03:25:38
Published 03 May 2011 06:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1610

Summary

Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.

Vulnerable Systems

Application

  • Cisco Unified Communications Manager 6.0

  • Cisco Unified Communications Manager 6.1%281%29

  • Cisco Unified Communications Manager 6.1%281a%29

  • Cisco Unified Communications Manager 6.1%281b%29

  • Cisco Unified Communications Manager 6.1%282%29

  • Cisco Unified Communications Manager 6.1%282%29su1

  • Cisco Unified Communications Manager 6.1%282%29su1a

  • Cisco Unified Communications Manager 6.1%283%29

  • Cisco Unified Communications Manager 6.1%283a%29

  • Cisco Unified Communications Manager 6.1%283b%29

  • Cisco Unified Communications Manager 6.1%283b%29su1

  • Cisco Unified Communications Manager 6.1%284%29

  • Cisco Unified Communications Manager 6.1%284%29su1

  • Cisco Unified Communications Manager 6.1%284a%29

  • Cisco Unified Communications Manager 6.1%284a%29su2

  • Cisco Unified Communications Manager 6.1%285%29

  • Cisco Unified Communications Manager 6.1%285%29su1

  • Cisco Unified Communications Manager 6.1%285%29su2

  • Cisco Unified Communications Manager 7.0%281%29su1

  • Cisco Unified Communications Manager 7.0%281%29su1a

  • Cisco Unified Communications Manager 7.0%282%29

  • Cisco Unified Communications Manager 7.0%282a%29

  • Cisco Unified Communications Manager 7.0%282a%29su1

  • Cisco Unified Communications Manager 7.0%282a%29su2

  • Cisco Unified Communications Manager 7.1%282a%29

  • Cisco Unified Communications Manager 7.1%282a%29su1

  • Cisco Unified Communications Manager 7.1%282b%29

  • Cisco Unified Communications Manager 7.1%282b%29su1

  • Cisco Unified Communications Manager 7.1%283%29

  • Cisco Unified Communications Manager 7.1%283a%29

  • Cisco Unified Communications Manager 7.1%283a%29su1

  • Cisco Unified Communications Manager 7.1%283a%29su1a

  • Cisco Unified Communications Manager 7.1%283b%29

  • Cisco Unified Communications Manager 7.1%283b%29su1

  • Cisco Unified Communications Manager 7.1%283b%29su2

  • Cisco Unified Communications Manager 7.1%285%29

  • Cisco Unified Communications Manager 7.1%285%29su1

  • Cisco Unified Communications Manager 7.1%285%29su1a

  • Cisco Unified Communications Manager 7.1%285a%29

  • Cisco Unified Communications Manager 7.1%285b%29

  • Cisco Unified Communications Manager 7.1%285b%29su2

  • Cisco Unified Communications Manager 7.1%285b%29su3

  • Cisco Unified Communications Manager 8.0

  • Cisco Unified Communications Manager 8.0%282c%29

  • Cisco Unified Communications Manager 8.0%282c%29su1

  • Cisco Unified Communications Manager 8.0%283%29

  • Cisco Unified Communications Manager 8.0%283a%29

  • Cisco Unified Communications Manager 8.0%283a%29su1


References

MISC - http://zerodayinitiative.com/advisories/ZDI-11-143/

XF - ucm-sql-injection(67126)

VUPEN - ADV-2011-1122

SECTRACK - 1025449

BID - 47607

BUGTRAQ - 20110428 ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability

CISCO - 20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager

SECUNIA - 44331

FULLDISC - 20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability


Last Updated: 27 May 2016 10:56:23