Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unified_presence | Cisco | 6.0 | 6.0 |
| Unified_presence | Cisco | 6.0(1) | 6.0(1) |
| Unified_presence | Cisco | 6.0(2) | 6.0(2) |
| Unified_presence | Cisco | 6.0(3) | 6.0(3) |
| Unified_presence | Cisco | 6.0(4) | 6.0(4) |
| Unified_presence | Cisco | 6.0(5) | 6.0(5) |
| Unified_presence | Cisco | 6.0(6) | 6.0(6) |
| Unified_presence | Cisco | 6.0(7) | 6.0(7) |
| Unified_presence | Cisco | 7.0 | 7.0 |
| Unified_presence | Cisco | 7.0(1) | 7.0(1) |
| Unified_presence | Cisco | 7.0(2) | 7.0(2) |
| Unified_presence | Cisco | 7.0(3) | 7.0(3) |
| Unified_presence | Cisco | 7.0(4) | 7.0(4) |
| Unified_presence | Cisco | 7.0(5) | 7.0(5) |
| Unified_presence | Cisco | 7.0(6) | 7.0(6) |
| Unified_presence | Cisco | 7.0(7) | 7.0(7) |
| Unified_presence | Cisco | 7.0(8) | 7.0(8) |
| Unified_presence | Cisco | 7.0(9) | 7.0(9) |
| Unified_presence | Cisco | 8.0 | 8.0 |
| Unified_presence | Cisco | 8.0(1) | 8.0(1) |
| Unified_presence | Cisco | 8.0(2) | 8.0(2) |
| Unified_presence | Cisco | 8.0(3) | 8.0(3) |
| Unified_presence | Cisco | 8.0(4) | 8.0(4) |
| Unified_presence | Cisco | 8.5 | 8.5 |
| Unified_presence | Cisco | 8.5(1) | 8.5(1) |
| Unified_presence | Cisco | 8.5(2) | 8.5(2) |
| Unified_presence | Cisco | * | 8.5(3) |