Preview Tool

Cisco Bug: CSCus51494 - ASPX-files in /tms/Public/feedback are vulnerable for a XML weakness

Last Modified

Aug 11, 2015

Products (1)

  • Cisco TelePresence Management Server

Known Affected Releases


Description (partial)

A vulnerability in the configuration of the XML parser Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker
to cause a
denial of service condition. .

The vulnerability is due to improper handling of XML external entities. An attacker could exploit this vulnerability by submitting POST requests
to the targeted system.

An affected system running the default configuration.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.