Details of VAR-201502-0125

ID

VAR-201502-0125

CVE

CVE-2015-0595

TITLE

Cisco WebEx Meetings Server of XMLAPI Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-001352

DESCRIPTION

The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. Cisco WebEx Meetings Server of XMLAPI Contains a vulnerability in which important information is obtained. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuj67079. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. A security vulnerability exists in CWMS 1.5 (.1.131) and previous versions of XMLAPI

Trust: 1.98

sources: NVD: CVE-2015-0595 // JVNDB: JVNDB-2015-001352 // BID: 72370 // VULHUB: VHN-78541

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.5\(.1.131\)	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	lte	version:	1.5(.1.131)	Trust: 0.8
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	1.5\(.1.131\)	Trust: 0.6

sources: JVNDB: JVNDB-2015-001352 // CNNVD: CNNVD-201502-014 // NVD: CVE-2015-0595

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0595
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0595
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201502-014
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78541
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0595
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78541
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78541 // JVNDB: JVNDB-2015-001352 // CNNVD: CNNVD-201502-014 // NVD: CVE-2015-0595

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-78541 // JVNDB: JVNDB-2015-001352 // NVD: CVE-2015-0595

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-014

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201502-014

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001352

PATCH

title:	Cisco WebEx Meetings Server XMLAPI Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0595	Trust: 0.8
title:	37238	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37238	Trust: 0.8

sources: JVNDB: JVNDB-2015-001352

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0595	Trust: 2.8
db:	BID	id:	72370	Trust: 1.4
db:	SECTRACK	id:	1031676	Trust: 1.1
db:	SECUNIA	id:	62686	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001352	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-014	Trust: 0.7
db:	VULHUB	id:	VHN-78541	Trust: 0.1

sources: VULHUB: VHN-78541 // BID: 72370 // JVNDB: JVNDB-2015-001352 // CNNVD: CNNVD-201502-014 // NVD: CVE-2015-0595

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0595	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37238	Trust: 1.7
url:	http://www.securityfocus.com/bid/72370	Trust: 1.1
url:	http://www.securitytracker.com/id/1031676	Trust: 1.1
url:	http://secunia.com/advisories/62686	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/100667	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0595	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0595	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-78541 // BID: 72370 // JVNDB: JVNDB-2015-001352 // CNNVD: CNNVD-201502-014 // NVD: CVE-2015-0595

CREDITS

Cisco

Trust: 0.3

sources: BID: 72370

SOURCES

db:	VULHUB	id:	VHN-78541
db:	BID	id:	72370
db:	JVNDB	id:	JVNDB-2015-001352
db:	CNNVD	id:	CNNVD-201502-014
db:	NVD	id:	CVE-2015-0595

LAST UPDATE DATE

2024-11-23T23:05:43.718000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78541	date:	2017-09-08T00:00:00
db:	BID	id:	72370	date:	2015-02-04T00:03:00
db:	JVNDB	id:	JVNDB-2015-001352	date:	2015-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201502-014	date:	2015-02-02T00:00:00
db:	NVD	id:	CVE-2015-0595	date:	2024-11-21T02:23:22.737

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78541	date:	2015-02-02T00:00:00
db:	BID	id:	72370	date:	2015-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-001352	date:	2015-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201502-014	date:	2015-02-02T00:00:00
db:	NVD	id:	CVE-2015-0595	date:	2015-02-02T01:59:06.670