CVE-2011-3287 — Cisco Jabber Extensible Communications Platform vulnerability

CWE-3994 documents4 sources

Severity

7.8HIGHNVD

CNA6.5

EPSS

0.4%

top 37.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Jabber Extensible Communications Platform

Timeline

PublishedOct 6

Latest updateMay 17

Description

Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/jabber_extensible_communications_platform5.8+4

🔴Vulnerability Details

GHSA

GHSA-m277-38hj-98fr: Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2↗2022-05-17

▶

CVEList

CVE-2011-3287: Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2↗2011-10-06

▶

📋Vendor Advisories

Cisco

Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability↗2011-09-28

▶