Cisco Unified MeetingPlace Web Conferencing Multiple Vulnerabilities

Last Update Date: 1 Nov 2012 11:34 Release Date: 1 Nov 2012 4762 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities have been identified in Cisco Unified MeetingPlace Web Conferencing, which can be exploited by remote user to cause a DoS (Denial of Service) and disclose sensitive information.

  1. A remote user can send specially crafted HTTP POST data to trigger a buffer overflow and cause the Web Conferencing server to become unresponsive.
  2. The software does not properly validate user-supplied input in HTTP POST requests. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Impact

  • Denial of Service
  • Information Disclosure

System / Technologies affected

  • Cisco Unified MeetingPlace Web Conferencing 7.0
  • Cisco Unified MeetingPlace Web Conferencing 7.1
  • Cisco Unified MeetingPlace Web Conferencing 8.0
  • Cisco Unified MeetingPlace Web Conferencing 8.5

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 7.1MR1 Patch 1, 8.0MR1 Patch 1, 8.5MR3.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Mozilla Products Multiple Vulnerabilities

29 Oct 2012 4427 Views

Next

Cisco Prime Data Center Network Manager JBoss RMI Services Vulnerability

1 Nov 2012 4878 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY