Cisco Unified Customer Voice Portal insecure Tomcat configuration vulnerability
Release date:
Updated on: 2013-05-10
Affected Systems:
Cisco CVP 7.x
Cisco CVP 4.1.x
Cisco CVP 4.0.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 59740
CVE (CAN) ID: CVE-2013-1222
Cisco Unified Customer Voice Portal (CVP) provides voice and video self-service.
Customer Voice Portal (CVP) 9.0.1 ES 11 and earlier versions have a remote security bypass vulnerability. Remote attackers can exploit this vulnerability without authentication and without end-user interaction; successful exploitation allows arbitrary code execution. Attackers can use IPv4 and IPv6 packets through the following ports: HTTP uses TCP port 80 and HTTPS uses TCP port 443.
<* Source: Alex Senkevitch
Link: http://tools.cisco.com/security/center/viewAlert.x?AlertId=28982&vs_f=Cisco%20Applied%20Mitigation%20Bulletins&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Identifying%20and%20Mitigating%20Multiple%20Vulnerabilities%20in%20Cisco%20uniied%20Customer%20
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.cisco.com/go/psirt