Lucene search

CiscoCVE-2013-1222

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-1222

2022-10-0316:14:48

CWE-16

cisco

web.nvd.nist.gov

cisco

cvp

web management

cve-2013-1222

tomcat

remote attackers

http

https

vulnerability

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:C/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

48.8%

JSON

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.

Affected configurations

Nvd

Node

ciscounified_customer_voice_portalRange≤9.0\(1\)

ciscounified_customer_voice_portalMatch3.0sr1

ciscounified_customer_voice_portalMatch3.0sr2

ciscounified_customer_voice_portalMatch3.6\(10\)es01

ciscounified_customer_voice_portalMatch4.0

ciscounified_customer_voice_portalMatch4.0\(2\)

ciscounified_customer_voice_portalMatch4.0\(2\)sr1

ciscounified_customer_voice_portalMatch4.1

ciscounified_customer_voice_portalMatch7.0

ciscounified_customer_voice_portalMatch7.0\(2\)

ciscounified_customer_voice_portalMatch8.0\(1\)

ciscounified_customer_voice_portalMatch8.5\(1\)

ciscounified_customer_voice_portalMatch9.0

VendorProductVersionCPE
ciscounified_customer_voice_portal3.0cpe:/a:cisco:unified_customer_voice_portal:3.0:sr1::
ciscounified_customer_voice_portal7.0cpe:/a:cisco:unified_customer_voice_portal:7.0:::
ciscounified_customer_voice_portal8.0%281%29cpe:/a:cisco:unified_customer_voice_portal:8.0%281%29:::
ciscounified_customer_voice_portal9.0cpe:/a:cisco:unified_customer_voice_portal:9.0:::
ciscounified_customer_voice_portal4.0%282%29cpe:/a:cisco:unified_customer_voice_portal:4.0%282%29:sr1::
ciscounified_customer_voice_portal4.1cpe:/a:cisco:unified_customer_voice_portal:4.1:::
ciscounified_customer_voice_portal3.6%2810%29cpe:/a:cisco:unified_customer_voice_portal:3.6%2810%29:es01::
ciscounified_customer_voice_portal8.5%281%29cpe:/a:cisco:unified_customer_voice_portal:8.5%281%29:::
ciscounified_customer_voice_portal3.0cpe:/a:cisco:unified_customer_voice_portal:3.0:sr2::
ciscounified_customer_voice_portal4.0cpe:/a:cisco:unified_customer_voice_portal:4.0:::

Vendor	Product	Version	CPE
cisco	unified_customer_voice_portal	3.0	cpe:/a:cisco:unified_customer_voice_portal:3.0:sr1::
cisco	unified_customer_voice_portal	7.0	cpe:/a:cisco:unified_customer_voice_portal:7.0:::
cisco	unified_customer_voice_portal	8.0%281%29	cpe:/a:cisco:unified_customer_voice_portal:8.0%281%29:::
cisco	unified_customer_voice_portal	9.0	cpe:/a:cisco:unified_customer_voice_portal:9.0:::
cisco	unified_customer_voice_portal	4.0%282%29	cpe:/a:cisco:unified_customer_voice_portal:4.0%282%29:sr1::
cisco	unified_customer_voice_portal	4.1	cpe:/a:cisco:unified_customer_voice_portal:4.1:::
cisco	unified_customer_voice_portal	3.6%2810%29	cpe:/a:cisco:unified_customer_voice_portal:3.6%2810%29:es01::
cisco	unified_customer_voice_portal	8.5%281%29	cpe:/a:cisco:unified_customer_voice_portal:8.5%281%29:::
cisco	unified_customer_voice_portal	3.0	cpe:/a:cisco:unified_customer_voice_portal:3.0:sr2::
cisco	unified_customer_voice_portal	4.0	cpe:/a:cisco:unified_customer_voice_portal:4.0:::

Rows per page:

1-10 of 131

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:C/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

48.8%

JSON

Related for CVE-2013-1222