Lucene search

K

[email protected]NVD:CVE-2011-3287

HistoryOct 06, 2011 - 10:55 a.m.

CVE-2011-3287

2011-10-0610:55:05

CWE-399

[email protected]

web.nvd.nist.gov

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564.

Affected configurations

NVD

Node

ciscojabber_extensible_communications_platformRange≤5.8

Node

ciscojabber_extensible_communications_platformRange≤5.4

OR

ciscojabber_extensible_communications_platformMatch5.0

OR

ciscojabber_extensible_communications_platformMatch5.1

OR

ciscojabber_extensible_communications_platformMatch5.2

References

www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

Related for NVD:CVE-2011-3287

prion28 cvelist29 cve29 ubuntucve13 nvd28 freebsd1 openvas22 debiancve11 nessus20 redhatcve1 osv3 github2 centos1 redhat1 veracode1 cisco1 securityvulns3