Vulnslist

find the latest Cisco vulnerabilities

Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability

cisco-sa-20110928-xcpcupsxml · High · Published · Updated

A denial of service (DoS) vulnerability exists in Jabber Extensible Communications Platform (Jabber XCP) and Cisco Unified Presence. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious XML to an affected server. Successful exploitation of this vulnerability could cause elevated memory and CPU utilization, resulting in memory exhaustion and process crashes. Repeated exploitation could result in a sustained DoS condition. There are no workarounds available to mitigate exploitation of this vulnerability. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-xcpcupsxml.

Cisco advisory ·CSAF JSON

Workarounds

There are no available workarounds to mitigate this
vulnerability.

CVEsCVE-2011-3287, CVE-2011-3288
Cisco Bug IDsNA
CVSS ScoreBase 7.8
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco Unified Presence Server, Cisco Jabber Extensible Communications Platform (Jabber XCP)

Related Products

Product CVE Evidence
Cisco Unified Presence Server CVE-2011-3288 Cisco OpenVuln
Cisco Unified Presence Server CVE-2011-3287 Cisco OpenVuln
Cisco Jabber Extensible Communications Platform (Jabber XCP) CVE-2011-3288 Cisco OpenVuln
Cisco Jabber Extensible Communications Platform (Jabber XCP) CVE-2011-3287 Cisco OpenVuln
Cisco Jabber CVE-2011-3288 Cisco OpenVuln
Cisco Jabber CVE-2011-3287 Cisco OpenVuln