Cisco Unified MeetingPlace Web Conferencing Multiple Vulnerabilities
Last Update Date:
1 Nov 2012 11:34
Release Date:
1 Nov 2012
5524
Views
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities have been identified in Cisco Unified MeetingPlace Web Conferencing, which can be exploited by remote user to cause a DoS (Denial of Service) and disclose sensitive information.
- A remote user can send specially crafted HTTP POST data to trigger a buffer overflow and cause the Web Conferencing server to become unresponsive.
- The software does not properly validate user-supplied input in HTTP POST requests. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
Impact
- Denial of Service
- Information Disclosure
System / Technologies affected
- Cisco Unified MeetingPlace Web Conferencing 7.0
- Cisco Unified MeetingPlace Web Conferencing 7.1
- Cisco Unified MeetingPlace Web Conferencing 8.0
- Cisco Unified MeetingPlace Web Conferencing 8.5
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 7.1MR1 Patch 1, 8.0MR1 Patch 1, 8.5MR3.
Vulnerability Identifier
Source
Related Link
Share with