PT-2011-4371 · Cisco · Cisco Unified Presence

Published: 2011-10-06 · Updated: 2024-02-15 · CVE-2011-3288

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Unified Presence versions prior to 8.5(4)

Description

The issue allows remote attackers to cause a denial of service, consuming memory and CPU, and potentially crashing the process. This is achieved by sending a crafted XML document that contains a large number of nested entity references, which the system fails to properly detect due to recursion during entity expansion.

Recommendations

For versions prior to 8.5(4), update to version 8.5(4) or later to resolve the issue.
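
For services that accept XML and cannot rule out DTDs entirely, the nested entity expansion described above can be bounded before parsing. The following is an added example, not Cisco's code and not part of this advisory: it computes the size a document would reach after entity expansion without performing the expansion, and rejects recursive or oversized input. The names `expanded_size` and `EntityExpansionError`, the `max_chars` limit and the sample document are assumptions made for illustration.

```python
import re

# Assumption: only internal general entities (<!ENTITY name "value">) are modelled;
# parameter and external entities should be disabled in the parser itself.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([^\s%"\']+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([^#;&\s][^;&\s]*);')
PREDEFINED = {"lt": 1, "gt": 1, "amp": 1, "apos": 1, "quot": 1}

class EntityExpansionError(ValueError):
    """The document's entities are recursive or expand past the limit."""

def expanded_size(xml_text, max_chars=100_000):
    """Return the document's size after entity expansion, computed without expanding."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        decls.setdefault(m.group(1), value)  # the first declaration is binding in XML
    sizes, in_progress = dict(PREDEFINED), set()

    def size_of(name):
        if name in sizes:
            return sizes[name]  # memoised: each entity is measured once
        if name not in decls:
            return 0  # undeclared reference: left for the real parser to report
        if name in in_progress:
            raise EntityExpansionError(f"recursive entity reference: {name}")
        in_progress.add(name)
        total = measure(decls[name], f"entity {name}")
        in_progress.discard(name)
        sizes[name] = total
        return total

    def measure(text, label):
        total = len(ENTITY_REF.sub("", text))  # literal characters
        for ref in ENTITY_REF.findall(text):
            total += size_of(ref)
            if total > max_chars:
                raise EntityExpansionError(f"{label} expands past {max_chars} characters")
        return total

    try:
        return measure(ENTITY_DECL.sub("", xml_text), "document")
    except RecursionError:
        raise EntityExpansionError("entity nesting too deep") from None

# Constructed sample: three levels of ten-fold nesting, about 1,000 characters expanded.
SAMPLE = ('<?xml version="1.0"?>\n<!DOCTYPE r [\n<!ENTITY a "xxxxxxxxxx">\n'
          '<!ENTITY b "' + "&a;" * 10 + '">\n<!ENTITY c "' + "&b;" * 10 + '">\n'
          ']>\n<r>&c;</r>')
```

Because each entity is measured once and sizes are added rather than concatenated, the check runs in time proportional to the size of the declarations, however large the expansion would be.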

Fix

XML Entity Expansion

Weakness Enumeration

Related Identifiers: CVE-2011-3288

Affected Products: Cisco Unified Presence