Sign-up

ID

VAR-201406-0310


CVE

CVE-2014-3294


TITLE

Cisco WebEx Meeting Server Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-002806

DESCRIPTION

Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81691. Cisco WebEx Meeting Server Is URL There is a vulnerability that can retrieve important information because it does not properly limit the content of. Cisco WebEx Meetings Server is a Cisco Conference Center implementation from Cisco. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuj81691. Cisco WebEx Meeting Server is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 2.52

sources: NVD: CVE-2014-3294 // JVNDB: JVNDB-2014-002806 // CNVD: CNVD-2014-03767 // BID: 68001 // VULHUB: VHN-71234

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-03767

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meeting serverscope: - version: -

Trust: 0.6

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5

Trust: 0.3

sources: CNVD: CNVD-2014-03767 // BID: 68001 // JVNDB: JVNDB-2014-002806 // CNNVD: CNNVD-201406-173 // NVD: CVE-2014-3294

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3294
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3294
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-03767
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201406-173
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71234
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3294
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-03767
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71234
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-03767 // VULHUB: VHN-71234 // JVNDB: JVNDB-2014-002806 // CNNVD: CNNVD-201406-173 // NVD: CVE-2014-3294

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-71234 // JVNDB: JVNDB-2014-002806 // NVD: CVE-2014-3294

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-173

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201406-173

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002806

PATCH
title:WebEx Meeting Server Sensitive Information Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3294
Trust: 0.8
title:Patch for Cisco WebEx Meetings Server Information Disclosure Vulnerability (CNVD-2014-03767)url:https://www.cnvd.org.cn/patchInfo/show/46545
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-03767 // 
            
            
            
            JVNDB: JVNDB-2014-002806

EXTERNAL IDS
db:NVDid:CVE-2014-3294
Trust: 3.4
db:BIDid:68001
Trust: 2.0
db:SECTRACKid:1030412
Trust: 1.1
db:JVNDBid:JVNDB-2014-002806
Trust: 0.8
db:CNNVDid:CNNVD-201406-173
Trust: 0.7
db:CNVDid:CNVD-2014-03767
Trust: 0.6
db:CISCOid:20140609 WEBEX MEETING SERVER SENSITIVE INFORMATION DISCLOSURE VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-71234
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-03767 // 
            
            
            
            VULHUB: VHN-71234 // 
            
            
            
            BID: 68001 // 
            
            
            
            JVNDB: JVNDB-2014-002806 // 
            
            
            
            CNNVD: CNNVD-201406-173 // 
            
            
            
            NVD: CVE-2014-3294

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3294
Trust: 2.3
url:http://www.securityfocus.com/bid/68001
Trust: 1.1
url:http://www.securitytracker.com/id/1030412
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3294
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3294
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=34573
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-03767 // 
            
            
            
            VULHUB: VHN-71234 // 
            
            
            
            BID: 68001 // 
            
            
            
            JVNDB: JVNDB-2014-002806 // 
            
            
            
            CNNVD: CNNVD-201406-173 // 
            
            
            
            NVD: CVE-2014-3294

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 68001

SOURCES
db:CNVDid:CNVD-2014-03767
db:VULHUBid:VHN-71234
db:BIDid:68001
db:JVNDBid:JVNDB-2014-002806
db:CNNVDid:CNNVD-201406-173
db:NVDid:CVE-2014-3294

LAST UPDATE DATE
2024-11-23T22:42:33.766000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-03767date:2014-06-23T00:00:00
db:VULHUBid:VHN-71234date:2016-09-08T00:00:00
db:BIDid:68001date:2014-06-11T00:00:00
db:JVNDBid:JVNDB-2014-002806date:2014-06-11T00:00:00
db:CNNVDid:CNNVD-201406-173date:2014-06-11T00:00:00
db:NVDid:CVE-2014-3294date:2024-11-21T02:07:48.553

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-03767date:2014-06-19T00:00:00
db:VULHUBid:VHN-71234date:2014-06-10T00:00:00
db:BIDid:68001date:2014-06-11T00:00:00
db:JVNDBid:JVNDB-2014-002806date:2014-06-11T00:00:00
db:CNNVDid:CNNVD-201406-173date:2014-06-11T00:00:00
db:NVDid:CVE-2014-3294date:2014-06-10T11:19:35.940