Denial of Service Vulnerability in Cisco Jabber Extensible Communications Platform
CVE-2011-3287

Currently unrated

Key Information:

Vendor: Cisco
CVE Published: 6 October 2011

Summary

Cisco Jabber Extensible Communications Platform versions 2.x to 5.4.x (prior to 5.4.0.27581) and 5.8.x (prior to 5.8.1.27561) do not properly manage recursion during entity expansion. A remote attacker can send a specially crafted XML document with numerous nested entity references, causing excessive memory and CPU usage and ultimately a denial of service when the process crashes.
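The check below is an added example, not Cisco's fix or code from the advisory: it shows one way to bound entity expansion before untrusted XML reaches a parser, by computing the expanded size arithmetically instead of expanding anything. The function name, limits and the small sample document are assumptions constructed for illustration.

```python
import re

# Internal general entity declarations only (no parameter or external entities).
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.:-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.:-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}

# Constructed sample: three nesting levels, expands to only 1000 characters.
SAMPLE_NESTED = """<!DOCTYPE m [
 <!ENTITY a "xxxxxxxxxx">
 <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
 <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]><m>&c;</m>"""


class EntityPolicyError(ValueError):
    """Raised when entity expansion would exceed the configured policy."""


def expansion_size(xml_text, limit=100_000, max_depth=16):
    """Return the characters produced by expanding every entity reference in
    the document body, computed arithmetically so nothing is ever expanded."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        decls.setdefault(m.group(1), m.group(3))  # first declaration is binding
    sizes = {}  # memoised expanded length per entity

    def size_of(name, stack):
        if name in PREDEFINED or name not in decls:
            return 1  # predefined entity; unknown names are left to the parser
        if name in stack:
            raise EntityPolicyError(f"recursive entity: {name}")
        if len(stack) >= max_depth:
            raise EntityPolicyError(f"entity nesting deeper than {max_depth}")
        if name not in sizes:
            value = decls[name]
            literal = len(ENTITY_REF.sub("", value))
            nested = sum(size_of(r, stack + (name,)) for r in ENTITY_REF.findall(value))
            if literal + nested > limit:
                raise EntityPolicyError(f"entity {name} expands past {limit} chars")
            sizes[name] = literal + nested
        return sizes[name]

    body = ENTITY_DECL.sub("", xml_text)  # count references outside declarations
    total = sum(size_of(r, ()) for r in ENTITY_REF.findall(body))
    if total > limit:
        raise EntityPolicyError(f"document expands to {total} chars (limit {limit})")
    return total
```

A caller would reject the document on `EntityPolicyError` and pass it to the parser only when the returned size is within budget; where the protocol has no use for DTDs, refusing any document containing a DOCTYPE is the simpler policy.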
