Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.
References
Link | Resource |
---|---|
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml | Not Applicable |
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20110928-xcpcupsxml.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2022-10-03T16:15:08
Updated: 2022-10-03T16:15:08
Reserved: 2022-10-03T00:00:00
Link: CVE-2011-3288
JSON object: View
NVD Information
Status : Analyzed
Published: 2011-10-06T10:55:05.097
Modified: 2024-02-15T21:00:10.167
Link: CVE-2011-3288
JSON object: View
Redhat Information
No data.
CWE