Vulnerability CVE-2015-0595

Vulnerability Name:

CVE-2015-0595 (CCN-100667)

Assigned:

2015-01-30

Published:

2015-01-30

Updated:

2017-09-08

Summary:

The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2015-0595

Source: SECUNIA
Type: UNKNOWN
62686

Source: CCN
Type: Cisco Security Notice
Cisco WebEx Meetings Server XMLAPI Vulnerability

Source: CISCO
Type: Vendor Advisory
20150129 Cisco WebEx Meetings Server XMLAPI Vulnerability

Source: CONFIRM
Type: Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=37238

Source: BID
Type: Third Party Advisory, VDB Entry
72370

Source: CCN
Type: BID-72370
Cisco WebEx Meetings Server CVE-2015-0595 Information Disclosure Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1031676

Source: XF
Type: UNKNOWN
cisco-webex-cve20150595-info-disc(100667)

Source: XF
Type: UNKNOWN
cisco-webex-cve20150595-info-disc(100667)

Vulnerable Configuration:

Configuration 1:

cpe:/a:cisco:webex_meetings_server:*:*:*:*:*:*:*:* (Version <= 1.5(.1.131))

Configuration CCN 1:

cpe:/a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK