Details of VAR-201407-0367

ID

VAR-201407-0367

CVE

CVE-2014-3303

TITLE

Cisco WebEx Meetings Server of Web Vulnerabilities that capture important information in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2014-003607

DESCRIPTION

The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. Cisco WebEx Meetings Server is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuj81713

Trust: 2.52

sources: NVD: CVE-2014-3303 // JVNDB: JVNDB-2014-003607 // CNVD: CNVD-2014-04673 // BID: 68910 // VULHUB: VHN-71243

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-04673

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.5(.1.131)	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-04673 // BID: 68910 // JVNDB: JVNDB-2014-003607 // CNNVD: CNNVD-201407-662 // NVD: CVE-2014-3303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3303
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3303
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-04673
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201407-662
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71243
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3303
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-04673
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71243
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-04673 // VULHUB: VHN-71243 // JVNDB: JVNDB-2014-003607 // CNNVD: CNNVD-201407-662 // NVD: CVE-2014-3303

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-71243 // JVNDB: JVNDB-2014-003607 // NVD: CVE-2014-3303

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-662

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201407-662

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003607

PATCH

title:	Cisco WebEx Meetings Server Web Framework Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3303	Trust: 0.8
title:	35059	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35059	Trust: 0.8

sources: JVNDB: JVNDB-2014-003607

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3303	Trust: 3.4
db:	BID	id:	68910	Trust: 2.0
db:	SECTRACK	id:	1030645	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003607	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-662	Trust: 0.7
db:	CNVD	id:	CNVD-2014-04673	Trust: 0.6
db:	VULHUB	id:	VHN-71243	Trust: 0.1

sources: CNVD: CNVD-2014-04673 // VULHUB: VHN-71243 // BID: 68910 // JVNDB: JVNDB-2014-003607 // CNNVD: CNNVD-201407-662 // NVD: CVE-2014-3303

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3303	Trust: 2.0
url:	http://www.securityfocus.com/bid/68910	Trust: 1.7
url:	http://www.securitytracker.com/id/1030645	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/94893	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3303	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3303	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-04673 // VULHUB: VHN-71243 // BID: 68910 // JVNDB: JVNDB-2014-003607 // CNNVD: CNNVD-201407-662 // NVD: CVE-2014-3303

CREDITS

Cisco

Trust: 0.3

sources: BID: 68910

SOURCES

db:	CNVD	id:	CNVD-2014-04673
db:	VULHUB	id:	VHN-71243
db:	BID	id:	68910
db:	JVNDB	id:	JVNDB-2014-003607
db:	CNNVD	id:	CNNVD-201407-662
db:	NVD	id:	CVE-2014-3303

LAST UPDATE DATE

2024-11-23T22:46:05.307000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04673	date:	2014-07-30T00:00:00
db:	VULHUB	id:	VHN-71243	date:	2017-08-29T00:00:00
db:	BID	id:	68910	date:	2014-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-003607	date:	2014-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201407-662	date:	2014-07-30T00:00:00
db:	NVD	id:	CVE-2014-3303	date:	2024-11-21T02:07:49.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-04673	date:	2014-07-30T00:00:00
db:	VULHUB	id:	VHN-71243	date:	2014-07-28T00:00:00
db:	BID	id:	68910	date:	2014-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-003607	date:	2014-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201407-662	date:	2014-07-30T00:00:00
db:	NVD	id:	CVE-2014-3303	date:	2014-07-28T17:55:07.247