Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2011-10-06T10:00:00Z
Updated: 2024-09-16T22:36:23.734Z
Reserved: 2011-08-29T00:00:00Z
Link: CVE-2011-3288
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2011-10-06T10:55:05.097
Modified: 2024-02-15T21:00:10.167
Link: CVE-2011-3288
Redhat
No data.