Lucene search

K

CiscoCVELIST:CVE-2011-1610

HistoryMay 03, 2011 - 10:00 p.m.

CVE-2011-1610

2011-05-0322:00:00

cisco

www.cve.org

8.3 High

AI Score

Confidence

Low

0.93 High

EPSS

Percentile

99.1%

Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.

References

archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html

secunia.com/advisories/44331

www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml

www.securityfocus.com/archive/1/517727/100/0/threaded

www.securityfocus.com/bid/47607

www.securitytracker.com/id?1025449

www.vupen.com/english/advisories/2011/1122

zerodayinitiative.com/advisories/ZDI-11-143/

exchange.xforce.ibmcloud.com/vulnerabilities/67126

8.3 High

AI Score

Confidence

Low

0.93 High

EPSS

Percentile

99.1%

Related for CVELIST:CVE-2011-1610

cve1 securityvulns3 cisco1 zdi1 checkpoint_advisories1 prion1 nvd1 packetstorm1