exploitDog

CVE-2011-3288

Опубликовано: 06 окт. 2011

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.

Ссылки

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml
Not Applicable
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20110928-xcpcupsxml.html
Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:unified_presence:*:*:*:*:*:*:*:*

Версия до 8.5\(4\) (исключая)

EPSS

Процентиль: 67%

0.00527

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-776

Связанные уязвимости

GHSA-66wf-g54m-27m7

CVSS3: 7.5

github

больше 3 лет назад

Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.

EPSS

Процентиль: 67%

0.00527

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-776