cisco-sa-20170118-wms3

Cisco WebEx Meetings Server Information Disclosure Vulnerability

cisco-sa-20170118-wms3 · Medium · Published 9 years ago · Updated 9 years ago

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server.   The vulnerability is due to insufficient masking of sensitive data in the HTTP response. An attacker could exploit this vulnerability by issuing specific HTTP requests. An exploit could allow the attacker to view the fully qualified domain name of the server. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3

Cisco advisory · CSAF JSON

Workarounds

Workarounds are not available.

CVEs	CVE-2017-3797
Cisco Bug IDs	CSCvb60655
CVSS Score	Base 5.3 Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source	Cisco WebEx Meetings Server

Related Products

Product	CVE	Evidence
Cisco Webex Meetings	CVE-2017-3797	Cisco OpenVuln
Cisco WebEx Meetings Server	CVE-2017-3797	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco WebEx Meetings Server Information Disclosure Vulnerability

Workarounds

Related Products