Cisco uniied Customer Voice Portal insecure TomCat configuration vulnerability

Cisco uniied Customer Voice Portal insecure TomCat configuration vulnerability

Release date:
Updated on: 2013-05-10

Affected Systems:
Cisco CVP 7.x
Cisco CVP 4.1.x
Cisco CVP 4.0.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 59740
CVE (CAN) ID: CVE-2013-1222
 
Cisco uniied Customer Voice Portal (CVP) provides Voice and video self-service.
 
The Customer Voice Portal (CVP) 9.0.1 ES 11 and earlier versions have a remote Security Bypass Vulnerability. Remote attackers can exploit this vulnerability without passing authentication and end-user interaction, after successful exploitation, arbitrary code execution is allowed. Attackers can use IPv4 and IPv6 packets through the following ports: HTTP uses TCP port 80 and HTTPS uses TCP port 443
 
<* Source: Alex Senkevitch

Link: http://tools.cisco.com/security/center/viewAlert.x? AlertId = 28982 & vs_f = Cisco % 20 Applied % 20 Mitigation % 20 Bulletins & vs_cat = Security % 20 Intelligence & vs_type = RSS & vs_p = Identifying % 20and % 20 Mitigating % 20 Multiple % 20 Vulnerabilities % 20in % 20 Cisco % 20 uniied % 20 Customer % 20
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://www.cisco.com/go/psirt