Vulnerability-Lookup

CVE-2013-1168 (GCVE-0-2013-1168)

Vulnerability from cvelistv5 – Published: 2013-04-11 10:00 – Updated: 2024-09-16 18:50

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

GSD-2013-1168

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-1168

Aliases

CVE-2013-1168

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-1168",
    "description": "The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.",
    "id": "GSD-2013-1168"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-1168"
      ],
      "details": "The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.",
      "id": "GSD-2013-1168",
      "modified": "2023-12-13T01:22:20.208060Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2013-1168",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20130410 Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:7.0.2:mr1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:7.1:mr1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:7.0.3:mr2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:8.0:mr1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:8.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:8.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_meetingplace:8.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1168"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130410 Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-04-15T04:00Z",
      "publishedDate": "2013-04-11T10:55Z"
    }
  }
}

VAR-201304-0273

Vulnerability from variot - Updated: 2025-04-11 22:59

The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885. Vendors have confirmed this vulnerability Bug ID CSCuc64885 It is released as.The third party Cookie Using the information can hijack a session. Cisco Unified MeetingPlace is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application and perform arbitrary actions. This issue is being tracked by Cisco Bug ID CSCuc64885. This solution provides a user environment that integrates voice, video and Web conferencing

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201304-0273",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.5.3"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.5"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.5.2"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0.3"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0.2"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.5.1"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.0.1"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "application server 7.1mr1 patch 2"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "application server 8.5mr3 patch 1"
      },
      {
        "model": "unified meetingplace",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.0"
      },
      {
        "model": "unified meetingplace",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.5"
      },
      {
        "model": "unified meetingplace",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "application server 8.0mr1 patch 1"
      },
      {
        "model": "unified meetingplace",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.x"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-187"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1168"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:unified_meetingplace",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002223"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "59006"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-1168",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CVE-2013-1168",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-61170",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-1168",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-1168",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201304-187",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-61170",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61170"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-187"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1168"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885. Vendors have confirmed this vulnerability Bug ID CSCuc64885 It is released as.The third party Cookie Using the information can hijack a session. Cisco Unified MeetingPlace is prone to an authentication-bypass vulnerability. \nAttackers can exploit this issue to gain unauthorized access to the affected application and perform arbitrary actions. \nThis issue is being tracked by Cisco Bug ID CSCuc64885. This solution provides a user environment that integrates voice, video and Web conferencing",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-1168"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002223"
      },
      {
        "db": "BID",
        "id": "59006"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61170"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-1168",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002223",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-187",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "53014",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20130410 MULTIPLE VULNERABILITIES IN CISCO UNIFIED MEETINGPLACE SOLUTION",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "59006",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-61170",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61170"
      },
      {
        "db": "BID",
        "id": "59006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-187"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1168"
      }
    ]
  },
  "id": "VAR-201304-0273",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61170"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-11T22:59:11.566000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20130410-mp",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp"
      },
      {
        "title": "28812",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28812"
      },
      {
        "title": "cisco-sa-20130410-mp",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/JP/111/1117/1117742_cisco-sa-20130410-mp-j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002223"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-1168"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130410-mp"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1168"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1168"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/53014"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61170"
      },
      {
        "db": "BID",
        "id": "59006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-187"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1168"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-61170"
      },
      {
        "db": "BID",
        "id": "59006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-187"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1168"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-04-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61170"
      },
      {
        "date": "2013-04-10T00:00:00",
        "db": "BID",
        "id": "59006"
      },
      {
        "date": "2013-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002223"
      },
      {
        "date": "2013-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201304-187"
      },
      {
        "date": "2013-04-11T10:55:01.993000",
        "db": "NVD",
        "id": "CVE-2013-1168"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-04-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61170"
      },
      {
        "date": "2013-04-10T00:00:00",
        "db": "BID",
        "id": "59006"
      },
      {
        "date": "2013-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002223"
      },
      {
        "date": "2013-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201304-187"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2013-1168"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-187"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified MeetingPlace Application Server of  Web Server hijacking vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002223"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-187"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2013-1168

Vulnerability from fkie_nvd - Published: 2013-04-11 10:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_meetingplace	7.0
cisco	unified_meetingplace	7.0.1
cisco	unified_meetingplace	7.0.2
cisco	unified_meetingplace	7.0.2
cisco	unified_meetingplace	7.0.3
cisco	unified_meetingplace	7.0.3
cisco	unified_meetingplace	7.1
cisco	unified_meetingplace	7.1
cisco	unified_meetingplace	8.0
cisco	unified_meetingplace	8.0
cisco	unified_meetingplace	8.5
cisco	unified_meetingplace	8.5.1
cisco	unified_meetingplace	8.5.2
cisco	unified_meetingplace	8.5.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1B3B645-4500-4B63-8D1A-1139537DA522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB60381-CF25-41F1-B54B-CA0F1D77CEC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B746BD5-7783-4510-9260-88E6865277A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:7.0.2:mr1:*:*:*:*:*:*",
              "matchCriteriaId": "3D94A24A-E9DE-46A4-AEAF-30DC05FEB685",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EBB601D-887C-40DC-97D0-448D9193F2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:7.0.3:mr2:*:*:*:*:*:*",
              "matchCriteriaId": "25556F86-581D-412C-B41B-36B30E12F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB025761-696C-41B4-9A7C-67CF7A6DBECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:7.1:mr1:*:*:*:*:*:*",
              "matchCriteriaId": "E86A7C56-CFB8-4279-85A2-090CF6B1E1B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E33B950-9CA4-4438-A7F1-1630CC26E81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:8.0:mr1:*:*:*:*:*:*",
              "matchCriteriaId": "8A8703D6-20FB-40EC-B516-FAF77ED21D29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FF3D6AE-38E4-40C7-AD5D-C7DA67AB9DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A049567-12BC-4A08-B776-C038248E655F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E02FBDCD-FED2-4B6B-B5AC-EB9915ED31E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD2F2149-16AE-425E-BAFB-DC5987CBB406",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885."
    },
    {
      "lang": "es",
      "value": "El servidor web de Cisco Unified MeetingPlace Application Server v7.x antes de v7.1MR1 revisi\u00f3n 2, v8.0 antes de v8.0MR1 revisi\u00f3n 1, y v8.5 antes de v8.5MR3 revisi\u00f3n 1 no invalida una sesi\u00f3n en una acci\u00f3n de cierre de sesi\u00f3n, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos secuestrar sesiones, aprovechando el conocimiento de una cookie de sesi\u00f3n, tambi\u00e9n conocido como Bug ID CSCuc64885."
    }
  ],
  "id": "CVE-2013-1168",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-11T10:55:01.993",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FPMF-WC42-7P59

Vulnerability from github – Published: 2022-05-17 05:11 – Updated: 2022-05-17 05:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-1168"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-04-11T10:55:00Z",
    "severity": "HIGH"
  },
  "details": "The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.",
  "id": "GHSA-fpmf-wc42-7p59",
  "modified": "2022-05-17T05:11:39Z",
  "published": "2022-05-17T05:11:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1168"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2013-AVI-242

Vulnerability from certfr_avis - Published: 2013-04-11 - Updated: 2013-04-11

De multiples vulnérabilités ont été corrigées dans Cisco Unified MeetingPlace. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Unified MeetingPlace Application Server version 7.1
Cisco	N/A	Cisco Unified MeetingPlace Web Conferencing Server version 7.0
Cisco	N/A	Cisco Unified MeetingPlace Application Server version 7.0
Cisco	N/A	Cisco Unified MeetingPlace Application Server version 8.0
Cisco	N/A	Cisco Unified MeetingPlace Web Conferencing Server version 8.0
Cisco	N/A	Cisco Unified MeetingPlace Application Server version 8.5
Cisco	N/A	Cisco Unified MeetingPlace Web Conferencing Server version 8.5
Cisco	N/A	Cisco Unified MeetingPlace Web Conferencing Server version 7.1

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-1168 (GCVE-0-2013-1168)

GSD-2013-1168

VAR-201304-0273

FKIE_CVE-2013-1168

GHSA-FPMF-WC42-7P59

CERTA-2013-AVI-242

Solution

Tags

Sightings

Nomenclature