Sign-up

ID

VAR-201506-0155


CVE

CVE-2015-0763


TITLE

Cisco Unified MeetingPlace Vulnerable to obtaining important session information

Trust: 0.8

sources: JVNDB: JVNDB-2015-002942

DESCRIPTION

Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. Cisco Unified MeetingPlace is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCuu60338. This solution provides a user environment that integrates voice, video and Web conferencing

Trust: 1.98

sources: NVD: CVE-2015-0763 // JVNDB: JVNDB-2015-002942 // BID: 74955 // VULHUB: VHN-78709

AFFECTED PRODUCTS

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6\(1.2\)

Trust: 1.6

vendor:ciscomodel:unified meetingplacescope:eqversion:8.6(1.2)

Trust: 1.1

sources: BID: 74955 // JVNDB: JVNDB-2015-002942 // CNNVD: CNNVD-201506-052 // NVD: CVE-2015-0763

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0763
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0763
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-052
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78709
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0763
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78709
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78709 // JVNDB: JVNDB-2015-002942 // CNNVD: CNNVD-201506-052 // NVD: CVE-2015-0763

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-78709 // JVNDB: JVNDB-2015-002942 // NVD: CVE-2015-0763

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-052

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-052

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002942

PATCH
title:39162url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39162
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002942

EXTERNAL IDS
db:NVDid:CVE-2015-0763
Trust: 2.8
db:SECTRACKid:1032471
Trust: 1.1
db:JVNDBid:JVNDB-2015-002942
Trust: 0.8
db:CNNVDid:CNNVD-201506-052
Trust: 0.6
db:BIDid:74955
Trust: 0.4
db:VULHUBid:VHN-78709
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78709 // 
            
            
            
            BID: 74955 // 
            
            
            
            JVNDB: JVNDB-2015-002942 // 
            
            
            
            CNNVD: CNNVD-201506-052 // 
            
            
            
            NVD: CVE-2015-0763

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39162
Trust: 2.0
url:http://www.securitytracker.com/id/1032471
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0763
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0763
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78709 // 
            
            
            
            BID: 74955 // 
            
            
            
            JVNDB: JVNDB-2015-002942 // 
            
            
            
            CNNVD: CNNVD-201506-052 // 
            
            
            
            NVD: CVE-2015-0763

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74955

SOURCES
db:VULHUBid:VHN-78709
db:BIDid:74955
db:JVNDBid:JVNDB-2015-002942
db:CNNVDid:CNNVD-201506-052
db:NVDid:CVE-2015-0763

LAST UPDATE DATE
2025-04-13T23:32:45.367000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78709date:2017-01-04T00:00:00
db:BIDid:74955date:2015-06-02T00:00:00
db:JVNDBid:JVNDB-2015-002942date:2015-06-05T00:00:00
db:CNNVDid:CNNVD-201506-052date:2015-06-10T00:00:00
db:NVDid:CVE-2015-0763date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-78709date:2015-06-04T00:00:00
db:BIDid:74955date:2015-06-02T00:00:00
db:JVNDBid:JVNDB-2015-002942date:2015-06-05T00:00:00
db:CNNVDid:CNNVD-201506-052date:2015-06-05T00:00:00
db:NVDid:CVE-2015-0763date:2015-06-04T10:59:03.800