A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server.
The vulnerability is due to insufficient masking of sensitive data in the HTTP response. An attacker could exploit this vulnerability by issuing specific HTTP requests. An exploit could allow the attacker to view the fully qualified domain name of the server.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | webex_meetings_server | any | cpe:2.3:a:cisco:webex_meetings_server:any:*:*:*:*:*:*:* |