Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2015-0581
Last Modified: 17 Sep 2015 12:32:49
Published: 28 Jan 2015 05:59:02
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2015-0581

Summary

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880.

Vulnerable Systems

Application

  • Cisco Prime Service Catalog 10.0


References

CISCO - 20150128 Cisco Prime Service Catalog XML External Entity Processing Vulnerability

SECTRACK - 1031658

BID - 72350


Last Updated: 27 May 2016 10:55:46