CVE Vulnerabilities

CVE-2013-1168

Published: Apr 11, 2013 | Modified: Apr 15, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.6 HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.

Affected Software

Name Vendor Start Version End Version
Unified_meetingplace Cisco 7.0 (including) 7.0 (including)
Unified_meetingplace Cisco 7.0.1 (including) 7.0.1 (including)
Unified_meetingplace Cisco 7.0.2 (including) 7.0.2 (including)
Unified_meetingplace Cisco 7.0.2-mr1 (including) 7.0.2-mr1 (including)
Unified_meetingplace Cisco 7.0.3 (including) 7.0.3 (including)
Unified_meetingplace Cisco 7.0.3-mr2 (including) 7.0.3-mr2 (including)
Unified_meetingplace Cisco 7.1 (including) 7.1 (including)
Unified_meetingplace Cisco 7.1-mr1 (including) 7.1-mr1 (including)

References