

DoS against Cisco Jabber Extensible Communications Platform / Cisco Unified Presence
Published: October 2, 2011
Source:
SecurityVulns ID: 11938
Type: local
Severity: 6/10
Description: Resource exhaustion during XML parsing.
CVE: CVE-2011-3288 (Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.)
CVE-2011-3287 (Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564.)
Original text: CISCO, Cisco Security Advisory: Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability (02.10.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod