Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Unified MeetingPlace Application Server security vulnerabilities
Published:15.04.2013
Source:
SecurityVulns ID:13012
Type:remote
Threat Level:
6/10
Description:Authentication bypass, unauthorized access.
Affected:CISCO : Unified MeetingPlace Web Conferencing Server 7.1
 CISCO : Unified MeetingPlace Web Conferencing Server 8.0
 CISCO : Unified MeetingPlace Web Conferencing Server 8.5
CVE:CVE-2013-1169 (Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID CSCuc64846.)
 CVE-2013-1168 (The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.)
Files:Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod