Details of VAR-201304-0273

ID

VAR-201304-0273

CVE

CVE-2013-1168

TITLE

Cisco Unified MeetingPlace Application Server of Web Server hijacking vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-002223

DESCRIPTION

The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885. Vendors have confirmed this vulnerability Bug ID CSCuc64885 It is released as.The third party Cookie Using the information can hijack a session. Cisco Unified MeetingPlace is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application and perform arbitrary actions. This issue is being tracked by Cisco Bug ID CSCuc64885. This solution provides a user environment that integrates voice, video and Web conferencing

Trust: 1.98

sources: NVD: CVE-2013-1168 // JVNDB: JVNDB-2013-002223 // BID: 59006 // VULHUB: VHN-61170

AFFECTED PRODUCTS

vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7.0	Trust: 1.6
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	8.5.3	Trust: 1.6
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	8.5	Trust: 1.6
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	8.5.2	Trust: 1.6
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7.0.3	Trust: 1.6
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7.0.2	Trust: 1.6
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	8.5.1	Trust: 1.6
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7.1	Trust: 1.6
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	8.0	Trust: 1.0
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	application server 7.1mr1 patch 2	Trust: 0.8
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	application server 8.5mr3 patch 1	Trust: 0.8
vendor:	cisco	model:	unified meetingplace	scope:	lt	version:	8.0	Trust: 0.8
vendor:	cisco	model:	unified meetingplace	scope:	lt	version:	8.5	Trust: 0.8
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	application server 8.0mr1 patch 1	Trust: 0.8
vendor:	cisco	model:	unified meetingplace	scope:	lt	version:	7.x	Trust: 0.8

sources: JVNDB: JVNDB-2013-002223 // CNNVD: CNNVD-201304-187 // NVD: CVE-2013-1168

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1168
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1168
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201304-187
value:	HIGH
Trust: 0.6
VULHUB:	VHN-61170
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1168
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61170
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61170 // JVNDB: JVNDB-2013-002223 // CNNVD: CNNVD-201304-187 // NVD: CVE-2013-1168

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-1168

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-187

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201304-187

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002223

PATCH

title:	cisco-sa-20130410-mp	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp	Trust: 0.8
title:	28812	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=28812	Trust: 0.8
title:	cisco-sa-20130410-mp	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117742_cisco-sa-20130410-mp-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-002223

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1168	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-002223	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-187	Trust: 0.7
db:	SECUNIA	id:	53014	Trust: 0.6
db:	CISCO	id:	20130410 MULTIPLE VULNERABILITIES IN CISCO UNIFIED MEETINGPLACE SOLUTION	Trust: 0.6
db:	BID	id:	59006	Trust: 0.4
db:	VULHUB	id:	VHN-61170	Trust: 0.1

sources: VULHUB: VHN-61170 // BID: 59006 // JVNDB: JVNDB-2013-002223 // CNNVD: CNNVD-201304-187 // NVD: CVE-2013-1168

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130410-mp	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1168	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1168	Trust: 0.8
url:	http://secunia.com/advisories/53014	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html	Trust: 0.3

sources: VULHUB: VHN-61170 // BID: 59006 // JVNDB: JVNDB-2013-002223 // CNNVD: CNNVD-201304-187 // NVD: CVE-2013-1168

CREDITS

Cisco

Trust: 0.3

sources: BID: 59006

SOURCES

db:	VULHUB	id:	VHN-61170
db:	BID	id:	59006
db:	JVNDB	id:	JVNDB-2013-002223
db:	CNNVD	id:	CNNVD-201304-187
db:	NVD	id:	CVE-2013-1168

LAST UPDATE DATE

2024-11-23T22:23:15.358000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61170	date:	2013-04-15T00:00:00
db:	BID	id:	59006	date:	2013-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002223	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-187	date:	2013-04-12T00:00:00
db:	NVD	id:	CVE-2013-1168	date:	2024-11-21T01:49:02.180

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61170	date:	2013-04-11T00:00:00
db:	BID	id:	59006	date:	2013-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002223	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-187	date:	2013-04-12T00:00:00
db:	NVD	id:	CVE-2013-1168	date:	2013-04-11T10:55:01.993