BUGTRAQ ID: 33901
CVE(CAN) ID: CVE-2009-0614
Cisco Unified MeetingPlace是思科的网络会议解决方案。
Cisco Unified MeetingPlace Web Conferencing服务器中的漏洞可能允许未经认证的用户使用特制的URL绕过服务器的认证机制。如果被成功利用的话,用户可以获得对Cisco Unified MeetingPlace应用的管理访问。
Cisco Unified MeetingPlace 7.0
Cisco Unified MeetingPlace 6.0
厂商补丁:
Cisco已经为此发布了一个安全公告(cisco-sa-20090225-mtgplace)以及相应补丁:
cisco-sa-20090225-mtgplace:Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
链接:<a href=“http://www.cisco.com/warp/public/707/cisco-sa-20090225-mtgplace.shtml” target=“_blank”>http://www.cisco.com/warp/public/707/cisco-sa-20090225-mtgplace.shtml</a>
补丁下载:
<a href=“http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875240” target=“_blank”>http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875240</a>
<a href=“http://tools.cisco.com/support/downloads/go/Model.x?mdfid=278816725&mdfLevel=Software Version/Option&treeName=Voice and Unified Communications&modelName=Cisco Unified MeetingPlace Web Conferencing&treeMdfId=278875240” target=“_blank”>http://tools.cisco.com/support/downloads/go/Model.x?mdfid=278816725&mdfLevel=Software Version/Option&treeName=Voice and Unified Communications&modelName=Cisco Unified MeetingPlace Web Conferencing&treeMdfId=278875240</a>