CVE-2013-1168

Severity

76%

Complexity

49%

Confidentiality

165%

The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.

The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.

CVSS 2.0 Base Score 7.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C).

Overview

Type

Cisco Unified MeetingPlace

First reported 11 years ago

2013-04-11 10:55:00

Last updated 11 years ago

2013-04-15 04:00:00

Affected Software

Cisco Unified MeetingPlace 7.0

7.0

Cisco Unified MeetingPlace 7.0.1

7.0.1

Cisco Unified MeetingPlace 7.0.2

7.0.2

Cisco Unified MeetingPlace 7.0.2 Maintenance Release 1

7.0.2

Cisco Unified MeetingPlace 7.0.3

7.0.3

Cisco Unified MeetingPlace 7.0.3 Maintenance Release 2

7.0.3

Cisco Unified MeetingPlace 7.1

7.1

Cisco Unified MeetingPlace 7.1 Maintenance Release 1

7.1

Cisco Unified MeetingPlace 8.0

8.0

Cisco Unified MeetingPlace 8.0 Maintenance Release 1

8.0

Cisco Unified MeetingPlace 8.5

8.5

Cisco Unified MeetingPlace 8.5.1

8.5.1

Cisco Unified MeetingPlace 8.5.2

8.5.2

Cisco Unified MeetingPlace 8.5.3

8.5.3

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.