CVE-2011-3287

Name of the Vulnerable Software and Affected Versions Cisco Jabber Extensible Communications Platform (aka Jabber XCP) versions 2.x through 5.4.x before 5.4.0.27581 Cisco Jabber Extensible Communications Platform (aka Jabber XCP) versions 5.8.x before 5.8.1.27561

Description The issue is related to improper detection of recursion during entity expansion, allowing remote attackers to cause a denial of service. This can be achieved by sending a crafted XML document containing a large number of nested entity references, leading to memory and CPU consumption, and process crash.

Recommendations For versions 2.x through 5.4.x before 5.4.0.27581, update to version 5.4.0.27581 or later. For versions 5.8.x before 5.8.1.27561, update to version 5.8.1.27561 or later.