Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.8
CVE Id: CVE-2011-3287
Last Modified: 14 May 2012 12:00:00
Published: 06 Oct 2011 06:55:05
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-3287

Summary

Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564.

Vulnerable Systems

Application

  • Cisco Jabber Extensible Communications Platform 5.0

  • Cisco Jabber Extensible Communications Platform 5.1

  • Cisco Jabber Extensible Communications Platform 5.2

  • Cisco Jabber Extensible Communications Platform 5.4

  • Cisco Jabber Extensible Communications Platform 5.8


References

CISCO - 20110928 Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability


Last Updated: 27 May 2016 10:57:41