High severity7.5NVD Advisory· Published Oct 6, 2011· Updated Jun 16, 2026
CVE-2011-3288
CVE-2011-3288
Description
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:cisco:unified_presence:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cisco:unified_presence:*:*:*:*:*:*:*:*range: <8.5\(4\)
- (no CPE)range: <8.5(4)
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.