Lucene search

K
cve[email protected]CVE-2011-4232
HistoryMay 03, 2012 - 10:11 a.m.

CVE-2011-4232

2012-05-0310:11:39
CWE-200
web.nvd.nist.gov
19
cisco
unified meetingplace
web server
directory enumeration
vulnerability
cve-2011-4232
nvd
bug id csctt94070

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070.

Affected configurations

NVD
Node
ciscounified_meetingplaceMatch6.1
OR
ciscounified_meetingplaceMatch8.5

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

Related for CVE-2011-4232