CVE-2010-2840

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Presence Server
Vendor: CVE Published:; 26 August 2010

Summary

The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.

References

http://www.vupen.com/english/advisories/2010/2186

vdb-entryx_refsource_VUPEN

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Aug 26, 2010
Vulnerability Reserved
Jul 23, 2010