{ "id": "CVE-2011-3288", "sourceIdentifier": "ykramarz@cisco.com", "published": "2011-10-06T10:55:05.097", "lastModified": "2012-05-14T04:00:00.000", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564." }, { "lang": "es", "value": "Cisco Unified Presence antes de su versi\u00f3n v8.5(4) no detecta correctamente la recursividad durante la expansi\u00f3n de la entidad, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y CPU, y finalmente la ca\u00edda del proceso) a trav\u00e9s de un documento XML debidamente modificado que contiene un gran n\u00famero de referencias a entidades anidadas. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCtq89842 y CSCtq88547. Es un problema similar a CVE-2003-1564." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-399" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:*:*:*:*:*:*:*:*", "versionEndIncluding": "8.5\\(3\\)", "matchCriteriaId": "1F978B7A-7A79-4EA7-99F7-930F3974B51A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C9B1A89-6A54-4BA7-9980-3EB46C650FFC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "4EBA6C36-8B78-45DF-B73E-326F6C72B6C6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "F7358448-71EA-49E7-BAAD-30B3F82C5A14" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "D425ACC6-F347-4106-8E1C-B95E9D82C21A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "2EBDC5EE-18F6-4C98-B815-1E14351EAD1F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "309E650A-7907-4E57-B571-4B072E62A1EE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(6\\):*:*:*:*:*:*:*", "matchCriteriaId": "10AD3A1E-D9A2-4B90-A09A-2596B09B2F92" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(7\\):*:*:*:*:*:*:*", "matchCriteriaId": "9122B9CF-CDB8-448E-B9E4-6613D4B401BE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D88C06B5-BD50-4A43-9B51-5D3D91F691F7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "194B6B31-58FD-42F9-BAAD-6D539D2DE445" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "61B1C092-C3D4-4BCF-8F16-27978150076A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "01BD934F-DC42-43CF-8B69-1B98D2CE5787" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "94BB2FB8-F54D-42B0-B8D9-37253D8A7794" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "6CE37DDB-11FC-41B5-A9CB-60825ED8EC21" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(6\\):*:*:*:*:*:*:*", "matchCriteriaId": "325098C4-4AA0-43CF-A421-126D8BC05661" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(7\\):*:*:*:*:*:*:*", "matchCriteriaId": "FA453950-82A8-4374-8655-B3C7662074AA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(8\\):*:*:*:*:*:*:*", "matchCriteriaId": "202EB97F-B4D4-4269-9FE6-E11A637C2C0E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(9\\):*:*:*:*:*:*:*", "matchCriteriaId": "4C8B9CA0-3F44-4B5C-A8EE-BD8BC90FD076" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7915D1A-5B9C-4D72-A6A8-C77BBDE40F68" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "CF088815-90E1-4A74-9EF2-BC3F0C8CFEF5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "A8F1A6C5-5150-4080-AE51-36432DC293E0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "1A5D87B2-E85D-4A28-9EFF-9408FDB35B92" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "60A36A8C-4CDD-4251-82F5-083C5BA1132A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "C7329B46-66E8-4429-8664-8DB94DBD3134" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:8.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "7320D823-9FCA-4624-8F94-FB2A6081BA87" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_presence:8.5\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "26D3FA4B-E9A5-413B-B13D-61EE62AA0444" } ] } ] } ], "references": [ { "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] } ] }