Guest

Preview Tool

Cisco Bug: CSCur57794 - Telepresence Manager(CTS-Man) Apache vulnerability

Last Modified

Sep 12, 2019

Products (1)

  • Cisco TelePresence Manager

Known Affected Releases

1.9.3

Description (partial)

Symptoms:
Cisco TelePresence Manager includes a version of Apache HTTPD and the Expat library that are affected by the
vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2008-2364: The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the
Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows
remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim
responses. This has been classified by the vendor as having a CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2008-2939: Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache
2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,
allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component
in the pathname in an FTP URI. This has been classified by the vendor as having a CVSSv2 score of 4.3
(AV:N/AC:M/AU:N/C:N/I:P/A:N)

CVE-2009-1891: The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until
completion even after the associated network connection is closed, which allows remote attackers to cause a
denial of service (CPU consumption). This has been classified by the vendor as having a CVSSv2 score of 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVE-2009-2412: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable
Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1)
allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3)
apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to
buffer overflows. NOTE: some of these details are obtained from third party information. This has been
classified by the vendor as having a CVSSv2 score of 10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)

CVE-2009-3094: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in
the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer
dereference and child process crash) via a malformed reply to an EPSV command. This has been classified by the
vendor as having a CVSSv2 score of 2.6 (AV:N/AC:H/AU:N/C:N/I:N/A:P)

CVE-2009-3095: The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended
access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these
commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional
8.11. This has been classified by the vendor as having a CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2009-3555: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet
Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does
not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle
attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by
sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation
context, related to a ''plaintext injection'' attack, aka the ''Project Mogul'' issue. This has been classified by
the vendor as having a CVSSv2 score of 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-2010-0425: modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63,
2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing
is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute
arbitrary code via unspecified vectors related to a crafted request, a reset packet, and ''orphaned callback
pointers.'' This has been classified by the vendor as having a CVSSv2 score of 10.0
(AV:N/AC:L/AU:N/C:C/I:C/A:C)

CVE-2010-0434: The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before
2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain
circumstances involving a parent request that has a body, which might allow remote attackers to obtain
sensitive information via a crafted request that triggers access to memory locations associated with an
earlier request. This has been classified by the vendor as having a CVSSv2 score of 4.3
(AV:N/AC:M/AU:N/C:P/I:N/A:N)

CVE-2010-1452: The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow
remote attackers to cause a denial of service (process crash) via a request that lacks a path. This has been
classified by the vendor as having a CVSSv2 score of 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVE-2010-1623: Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache
Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the
Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory
consumption) via unspecified vectors related to the destruction of an APR bucket. This has been classified by
the vendor as having a CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2009-3560: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig
module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an
XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function
in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. This has been classified by
the vendor as having a CVSSv2 score of 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2009-3720: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python,
PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service
(application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a
different vulnerability than CVE-2009-2625. This has been classified by the vendor as having a CVSSv2 score of
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

This bug was opened to address the potential impact on this product.

Conditions:
Running version of the software prior to the Known Fixed Releases
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.