Sign-up

ID

VAR-201403-0212


CVE

CVE-2014-0708


TITLE

Cisco WebEx Business Suite of WebEx Meeting Center Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-001747

DESCRIPTION

WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272. Cisco WebEx Business Suite is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCul98272. Cisco WebEx Meeting Center is an online meeting product in a set of WebEx meeting solutions of Cisco (Cisco). The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2014-0708 // JVNDB: JVNDB-2014-001747 // BID: 66285 // VULHUB: VHN-68201

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 1.4

vendor:ciscomodel:webex meeting centerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:webex business suitescope:eqversion:0

Trust: 0.3

sources: BID: 66285 // JVNDB: JVNDB-2014-001747 // CNNVD: CNNVD-201403-386 // NVD: CVE-2014-0708

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0708
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0708
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201403-386
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68201
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0708
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68201
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68201 // JVNDB: JVNDB-2014-001747 // CNNVD: CNNVD-201403-386 // NVD: CVE-2014-0708

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-68201 // JVNDB: JVNDB-2014-001747 // NVD: CVE-2014-0708

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-386

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201403-386

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001747

PATCH
title:Cisco WebEx Business Suite HTTP GET Parameters Include Sensitive Informationurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0708
Trust: 0.8
title:33405url:http://tools.cisco.com/security/center/viewAlert.x?alertId=33405
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001747

EXTERNAL IDS
db:NVDid:CVE-2014-0708
Trust: 2.8
db:JVNDBid:JVNDB-2014-001747
Trust: 0.8
db:CNNVDid:CNNVD-201403-386
Trust: 0.7
db:CISCOid:20140318 CISCO WEBEX BUSINESS SUITE HTTP GET PARAMETERS INCLUDE SENSITIVE INFORMATION
Trust: 0.6
db:BIDid:66285
Trust: 0.4
db:VULHUBid:VHN-68201
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68201 // 
            
            
            
            BID: 66285 // 
            
            
            
            JVNDB: JVNDB-2014-001747 // 
            
            
            
            CNNVD: CNNVD-201403-386 // 
            
            
            
            NVD: CVE-2014-0708

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0708
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0708
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0708
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-68201 // 
            
            
            
            BID: 66285 // 
            
            
            
            JVNDB: JVNDB-2014-001747 // 
            
            
            
            CNNVD: CNNVD-201403-386 // 
            
            
            
            NVD: CVE-2014-0708

CREDITS
Jim LaValley of LaValley Consulting
Trust: 0.3
sources:
            
            
            BID: 66285

SOURCES
db:VULHUBid:VHN-68201
db:BIDid:66285
db:JVNDBid:JVNDB-2014-001747
db:CNNVDid:CNNVD-201403-386
db:NVDid:CVE-2014-0708

LAST UPDATE DATE
2024-11-23T21:45:20.077000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-68201date:2014-03-24T00:00:00
db:BIDid:66285date:2014-03-18T00:00:00
db:JVNDBid:JVNDB-2014-001747date:2014-03-24T00:00:00
db:CNNVDid:CNNVD-201403-386date:2014-03-25T00:00:00
db:NVDid:CVE-2014-0708date:2024-11-21T02:02:40.647

SOURCES RELEASE DATE
db:VULHUBid:VHN-68201date:2014-03-21T00:00:00
db:BIDid:66285date:2014-03-18T00:00:00
db:JVNDBid:JVNDB-2014-001747date:2014-03-24T00:00:00
db:CNNVDid:CNNVD-201403-386date:2014-03-25T00:00:00
db:NVDid:CVE-2014-0708date:2014-03-21T01:04:02.903