Skip to main content

Cisco Unified MeetingPlace Web Conferencing Multiple Vulnerabilities

Last Update Date: 1 Nov 2012 11:34 Release Date: 1 Nov 2012 5524 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities have been identified in Cisco Unified MeetingPlace Web Conferencing, which can be exploited by remote user to cause a DoS (Denial of Service) and disclose sensitive information.

  1. A remote user can send specially crafted HTTP POST data to trigger a buffer overflow and cause the Web Conferencing server to become unresponsive.
  2. The software does not properly validate user-supplied input in HTTP POST requests. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Impact

  • Denial of Service
  • Information Disclosure

System / Technologies affected

  • Cisco Unified MeetingPlace Web Conferencing 7.0
  • Cisco Unified MeetingPlace Web Conferencing 7.1
  • Cisco Unified MeetingPlace Web Conferencing 8.0
  • Cisco Unified MeetingPlace Web Conferencing 8.5

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 7.1MR1 Patch 1, 8.0MR1 Patch 1, 8.5MR3.

Vulnerability Identifier


Source


Related Link