Details of VAR-200708-0164

ID

VAR-200708-0164

CVE

CVE-2007-4284

TITLE

Cisco MP Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-002493

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message. (1) Success Template (STPL) Parameters (2) Failure Template (FTPL) Parameters. Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks. These issues are being monitored by Cisco bug ID CSCsi33940 and CSCtd69750. Update June 24, 2010: Security scanners may still flag the 'STPL' and 'FTPL' parameters as vulnerable. The vendor is documenting this issue in Cisco bug ID CSCtd69750. Cisco Unified MeetingPlace is a set of multimedia conferencing solutions of Cisco (Cisco). This solution provides a user environment that integrates voice, video and Web conferencing. MeetingPlace has a cross-site scripting vulnerability when processing user requests. Remote attackers may use this vulnerability to execute malicious code in the user's browser. If the MeetingPlace server receives invalid STPL or FTPL parameter input, it may return an HTML error template page to the user, resulting in arbitrary code execution in the user's browser. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Input passed to the "STPL" and "FTPL" parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions 5.3.235.0 and earlier. SOLUTION: Update to version 5.3.333.0 or later. PROVIDED AND/OR DISCOVERED BY: Roger Jefferiss and Rob Pope, SecureTest Ltd. ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065134.html Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-4284 // JVNDB: JVNDB-2007-002493 // BID: 25237 // VULHUB: VHN-27646 // PACKETSTORM: 58398

AFFECTED PRODUCTS

vendor:	cisco	model:	meetingplace web confrencing	scope:	lte	version:	5.3\(235\)	Trust: 1.0
vendor:	cisco	model:	unified meetingplace web conferencing	scope:	lte	version:	5.3.235.0	Trust: 0.8
vendor:	cisco	model:	meetingplace web confrencing	scope:	eq	version:	5.3\(235\)	Trust: 0.6
vendor:	cisco	model:	unified meetingplace web conference	scope:	eq	version:	5.3.104.3	Trust: 0.3
vendor:	cisco	model:	unified meetingplace web conference	scope:	eq	version:	5.3.104.0	Trust: 0.3
vendor:	cisco	model:	unified meetingplace web conference	scope:	eq	version:	4.3.0.246.5	Trust: 0.3
vendor:	cisco	model:	unified meetingplace web conference	scope:	eq	version:	4.3.0.246	Trust: 0.3
vendor:	cisco	model:	unified meetingplace web conference	scope:	ne	version:	5.3.447	Trust: 0.3
vendor:	cisco	model:	unified meetingplace web conference	scope:	ne	version:	6.0.639.4	Trust: 0.3
vendor:	cisco	model:	unified meetingplace web conference	scope:	ne	version:	6.0.170.0	Trust: 0.3
vendor:	cisco	model:	unified meetingplace web conference	scope:	ne	version:	5.4.70.0	Trust: 0.3
vendor:	cisco	model:	unified meetingplace web conference	scope:	ne	version:	5.3.447.4	Trust: 0.3
vendor:	cisco	model:	unified meetingplace web conference	scope:	ne	version:	5.3.333.0	Trust: 0.3

sources: BID: 25237 // JVNDB: JVNDB-2007-002493 // CNNVD: CNNVD-200708-149 // NVD: CVE-2007-4284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-4284
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-4284
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200708-149
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-27646
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-4284
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-27646
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-27646 // JVNDB: JVNDB-2007-002493 // CNNVD: CNNVD-200708-149 // NVD: CVE-2007-4284

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4284

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-149

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 58398 // CNNVD: CNNVD-200708-149

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002493

PATCH

title:

Document ID: 570

url:

http://www.cisco.com/en/US/products/csr/cisco-sr-20070808-mp.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-002493

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4284	Trust: 2.8
db:	BID	id:	25237	Trust: 2.0
db:	SECUNIA	id:	26376	Trust: 1.8
db:	VUPEN	id:	ADV-2007-2815	Trust: 1.7
db:	SECTRACK	id:	1018537	Trust: 1.7
db:	SREASON	id:	2990	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002493	Trust: 0.8
db:	CNNVD	id:	CNNVD-200708-149	Trust: 0.7
db:	BUGTRAQ	id:	20070808 RE: XSS VULNERABILITY IN CISCO MEETINGPLACE	Trust: 0.6
db:	BUGTRAQ	id:	20070808 XSS VULNERABILITY IN CISCO MEETINGPLACE	Trust: 0.6
db:	CISCO	id:	20070808 CISCO UNIFIED MEETINGPLACE XSS VULNERABILITY	Trust: 0.6
db:	FULLDISC	id:	20070808 XSS VULNERABILITY IN CISCO MEETINGPLACE	Trust: 0.6
db:	XF	id:	35871	Trust: 0.6
db:	VULHUB	id:	VHN-27646	Trust: 0.1
db:	PACKETSTORM	id:	58398	Trust: 0.1

sources: VULHUB: VHN-27646 // BID: 25237 // JVNDB: JVNDB-2007-002493 // PACKETSTORM: 58398 // CNNVD: CNNVD-200708-149 // NVD: CVE-2007-4284

REFERENCES

url:	http://lists.grok.org.uk/pipermail/full-disclosure/2007-august/065134.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/25237	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_response09186a008089969e.html	Trust: 1.7
url:	http://www.securitytracker.com/id?1018537	Trust: 1.7
url:	http://secunia.com/advisories/26376	Trust: 1.7
url:	http://securityreason.com/securityalert/2990	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/475845/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/475840/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/2815	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/35871	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4284	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4284	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/35871	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/475845/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/475840/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/2815	Trust: 0.6
url:	http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml	Trust: 0.4
url:	http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html	Trust: 0.3
url:	/archive/1/459848	Trust: 0.3
url:	/archive/1/475840	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/13661/	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/advisories/26376/	Trust: 0.1
url:	http://secunia.com/product/13662/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-27646 // BID: 25237 // JVNDB: JVNDB-2007-002493 // PACKETSTORM: 58398 // CNNVD: CNNVD-200708-149 // NVD: CVE-2007-4284

CREDITS

Roger Jefferiss

Trust: 0.6

sources: CNNVD: CNNVD-200708-149

SOURCES

db:	VULHUB	id:	VHN-27646
db:	BID	id:	25237
db:	JVNDB	id:	JVNDB-2007-002493
db:	PACKETSTORM	id:	58398
db:	CNNVD	id:	CNNVD-200708-149
db:	NVD	id:	CVE-2007-4284

LAST UPDATE DATE

2025-04-10T23:19:59.916000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-27646	date:	2018-10-15T00:00:00
db:	BID	id:	25237	date:	2015-05-07T17:36:00
db:	JVNDB	id:	JVNDB-2007-002493	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200708-149	date:	2007-08-13T00:00:00
db:	NVD	id:	CVE-2007-4284	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-27646	date:	2007-08-09T00:00:00
db:	BID	id:	25237	date:	2007-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2007-002493	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	58398	date:	2007-08-10T02:01:07
db:	CNNVD	id:	CNNVD-200708-149	date:	2007-08-09T00:00:00
db:	NVD	id:	CVE-2007-4284	date:	2007-08-09T21:17:00