CVE-2015-0581
First published: Wed Jan 28 2015(Updated: )
The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Prime Service Catalog | <=10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0581?
CVE-2015-0581 has been classified as a moderate severity vulnerability.
How do I fix CVE-2015-0581?
To mitigate CVE-2015-0581, upgrade to Cisco Prime Service Catalog version 10.1 or later.
What are the potential impacts of CVE-2015-0581?
The potential impacts of CVE-2015-0581 include unauthorized access to sensitive files and denial of service due to high CPU and memory consumption.
Who is affected by CVE-2015-0581?
CVE-2015-0581 affects users of Cisco Prime Service Catalog versions prior to 10.1.
What type of vulnerability is CVE-2015-0581?
CVE-2015-0581 is an XML parsing vulnerability that can be exploited by remote authenticated users.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/cisco
- canonical/cisco prime service catalog
- version/cisco prime service catalog/10.0