Cross site request forgery (csrf)

2013-05-0912:31:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.8%

JSON

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.

CPENameOperatorVersion
unified_customer_voice_portaleq3.0 sr1
unified_customer_voice_portaleq4.2.0
unified_customer_voice_portaleq3.610 es1
unified_customer_voice_portaleq4.2 sr1
unified_customer_voice_portaleq<= 9.1
unified_customer_voice_portaleq7.2.0
unified_customer_voice_portaleq8.51.0
unified_customer_voice_portaleq9.0
unified_customer_voice_portaleq4.0
unified_customer_voice_portaleq7.0

Name	Operator	Version
unified_customer_voice_portal	eq	3.0 sr1
unified_customer_voice_portal	eq	4.2.0
unified_customer_voice_portal	eq	3.610 es1
unified_customer_voice_portal	eq	4.2 sr1
unified_customer_voice_portal	eq	<= 9.1
unified_customer_voice_portal	eq	7.2.0
unified_customer_voice_portal	eq	8.51.0
unified_customer_voice_portal	eq	9.0
unified_customer_voice_portal	eq	4.0
unified_customer_voice_portal	eq	7.0