Cisco Bug: CSCun50127 - Someone with an envelope can kill an app server
Jan 27, 2017
- Cisco Registered Envelope Service
Known Affected Releases
Symptom: A specially crafted envelope referencing a custom (although trivial to implement) webserver can be used to cause a CRES app server to run out of memory. Conditions: Modify an envelope to reference a "faux" keyserver which responds to requests with a large amount of data. Use MDS to attempt to open the envelope.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases