mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
213 lines
8.4 KiB
JSON
213 lines
8.4 KiB
JSON
{
|
|
"id": "CVE-2011-3288",
|
|
"sourceIdentifier": "ykramarz@cisco.com",
|
|
"published": "2011-10-06T10:55:05.097",
|
|
"lastModified": "2012-05-14T04:00:00.000",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Cisco Unified Presence antes de su versi\u00f3n v8.5(4) no detecta correctamente la recursividad durante la expansi\u00f3n de la entidad, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y CPU, y finalmente la ca\u00edda del proceso) a trav\u00e9s de un documento XML debidamente modificado que contiene un gran n\u00famero de referencias a entidades anidadas. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCtq89842 y CSCtq88547. Es un problema similar a CVE-2003-1564."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 7.8
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-399"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "8.5\\(3\\)",
|
|
"matchCriteriaId": "1F978B7A-7A79-4EA7-99F7-930F3974B51A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9C9B1A89-6A54-4BA7-9980-3EB46C650FFC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(1\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4EBA6C36-8B78-45DF-B73E-326F6C72B6C6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(2\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F7358448-71EA-49E7-BAAD-30B3F82C5A14"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(3\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D425ACC6-F347-4106-8E1C-B95E9D82C21A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(4\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2EBDC5EE-18F6-4C98-B815-1E14351EAD1F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(5\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "309E650A-7907-4E57-B571-4B072E62A1EE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(6\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "10AD3A1E-D9A2-4B90-A09A-2596B09B2F92"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:6.0\\(7\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9122B9CF-CDB8-448E-B9E4-6613D4B401BE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D88C06B5-BD50-4A43-9B51-5D3D91F691F7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(1\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "194B6B31-58FD-42F9-BAAD-6D539D2DE445"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(2\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "61B1C092-C3D4-4BCF-8F16-27978150076A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(3\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "01BD934F-DC42-43CF-8B69-1B98D2CE5787"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(4\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "94BB2FB8-F54D-42B0-B8D9-37253D8A7794"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(5\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6CE37DDB-11FC-41B5-A9CB-60825ED8EC21"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(6\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "325098C4-4AA0-43CF-A421-126D8BC05661"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(7\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FA453950-82A8-4374-8655-B3C7662074AA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(8\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "202EB97F-B4D4-4269-9FE6-E11A637C2C0E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:7.0\\(9\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4C8B9CA0-3F44-4B5C-A8EE-BD8BC90FD076"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:8.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F7915D1A-5B9C-4D72-A6A8-C77BBDE40F68"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(1\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CF088815-90E1-4A74-9EF2-BC3F0C8CFEF5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(2\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A8F1A6C5-5150-4080-AE51-36432DC293E0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(3\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1A5D87B2-E85D-4A28-9EFF-9408FDB35B92"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:8.0\\(4\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "60A36A8C-4CDD-4251-82F5-083C5BA1132A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:8.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C7329B46-66E8-4429-8664-8DB94DBD3134"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:8.5\\(1\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7320D823-9FCA-4624-8F94-FB2A6081BA87"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:unified_presence:8.5\\(2\\):*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "26D3FA4B-E9A5-413B-B13D-61EE62AA0444"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml",
|
|
"source": "ykramarz@cisco.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |