CVE-2016-1343

Published: Apr 30, 2016Modified: May 6, 2026

10.0

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.8

Source: NVD

Description

The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.

Affected (1)

Products: Cisco: Information Server

Cisco

1 product

Information Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Information Server	Version 6.2_base

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.