CVE-2016-1343
First published: Sat Apr 30 2016(Updated: )
The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM InfoSphere Information Server | =6.2_base |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1343?
CVE-2016-1343 is classified as a high severity vulnerability due to its potential for remote exploitation.
How do I fix CVE-2016-1343?
To fix CVE-2016-1343, update Cisco Information Server to the latest patched version provided by Cisco.
What type of vulnerability is CVE-2016-1343?
CVE-2016-1343 is an XML External Entity (XXE) vulnerability that can allow remote file reading and denial of service.
Who is affected by CVE-2016-1343?
CVE-2016-1343 affects users of Cisco Information Server version 6.2_base.
What can attackers achieve by exploiting CVE-2016-1343?
Attackers exploiting CVE-2016-1343 can read arbitrary files and potentially cause denial of service due to high CPU and memory consumption.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/ibm infosphere information server
- version/ibm infosphere information server/6.2_base