CVE-2011-3288
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.
Cisco Unified Presence antes de su versión v8.5(4) no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y CPU, y finalmente la caída del proceso) a través de un documento XML debidamente modificado que contiene un gran número de referencias a entidades anidadas. Se trata de un problema también conocido como Bug ID CSCtq89842 y CSCtq88547. Es un problema similar a CVE-2003-1564.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-08-29 CVE Reserved
- 2011-09-28 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Unified Presence Search vendor "Cisco" for product "Unified Presence" | < 8.5\(4\) Search vendor "Cisco" for product "Unified Presence" and version " < 8.5\(4\)" | - |
Affected
|