Lucene search

[email protected]CVE-2011-4232

HistoryMay 03, 2012 - 10:11 a.m.

CVE-2011-4232

2012-05-0310:11:39

CWE-200

[email protected]

web.nvd.nist.gov

cisco

unified meetingplace

web server

directory enumeration

vulnerability

cve-2011-4232

nvd

bug id csctt94070

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070.

Affected configurations

NVD

Node

ciscounified_meetingplaceMatch6.1

ciscounified_meetingplaceMatch8.5

CPENameOperatorVersion
cisco:unified_meetingplacecisco unified meetingplaceeq6.1
cisco:unified_meetingplacecisco unified meetingplaceeq8.5

CPE	Name	Operator	Version
cisco:unified_meetingplace	cisco unified meetingplace	eq	6.1
cisco:unified_meetingplace	cisco unified meetingplace	eq	8.5

References

www.cisco.com/en/US/docs/voice_ip_comm/meetingplace/6_1/release_notes/mp61_rn.pdf

www.securityfocus.com/bid/53432

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2011-4232

nvd1 cvelist1 cisco1 prion1