CVE-2011-3288 Information

Description

Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion which allows remote attackers to cause a denial of service (memory and CPU consumption and process crash) via a crafted XML document containing a large number of nested entity references aka Bug IDs CSCtq89842 and CSCtq88547 a similar issue to CVE-2003-1564.

Reference

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml