Message-id: <201105181102.cuom-ep@psirt.cisco.com>
Date: Wed, 18 May 2011 11:02:12 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: full-disclosure@...ts.grok.org.uk
Cc: psirt@...co.com
Subject: Re: Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006
Hello,
This is the Cisco PSIRT response to the vulnerabilities that were
discovered and reported to Cisco Systems by Brett Gervasoni of Sense of
Security, regarding multiple vulnerabilities in Cisco Unified Operations
Manager (CuOM).
We greatly appreciate the opportunity to work with researchers on
security vulnerabilities and welcome the opportunity to review and
assist in product reports.
These vulnerabilities are documented in the following Cisco bug IDs and
Intellishield vulnerability alerts:
* CSCtn61716: XSS and SQL Blind Vulnerabilities in Cisco Unified Operations Manager
  Intellishield vulnerability alerts:
    SQL Blind Injection:
    http://tools.cisco.com/security/center/viewAlert.x?alertId=23085
    CuOM XSS Vulnerabilities:
    http://tools.cisco.com/security/center/viewAlert.x?alertId=23086
* CSCto12704: Reflected Cross Site Scripting into ServerHelpEngine servlet
  Intellishield vulnerability alert:
    http://tools.cisco.com/security/center/viewAlert.x?alertId=23088
* CSCto12712: XSS vulnerability in CuOM Device Center
  Intellishield vulnerability alert:
    http://tools.cisco.com/security/center/viewAlert.x?alertId=23087
* CSCto35577: Directory Traversal vulnerabilities in CWHP
  Intellishield vulnerability alert:
    http://tools.cisco.com/security/center/viewAlert.x?alertId=23089
Information related to affected software versions and fixed software is
available in the published Intellishield vulnerability alerts and the
Cisco Bug ID release note enclosures.
Cisco PSIRT