2 matches found
Code injection
The Presence Engine PE service in Cisco Unified Presence 6.x before 6.07 and 7.x before 7.08 does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service process failure via a malformed message, aka Bug ID...
CVE-2010-2840
The Presence Engine PE service in Cisco Unified Presence 6.x before 6.07 and 7.x before 7.08 does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service process failure via a malformed message, aka Bug ID...