Lucene search
CiscoCVE-2014-8025HistoryDec 23, 2014 - 2:59 a.m.
CVE-2014-8025
2014-12-2302:59:05
CWE-200
cisco
web.nvd.nist.gov
20
cve-2014-8025
cisco jabber
guest server
api
html5
remote attackers
sensitive information
network sniffing
http
get
post
bug id cscus19801
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.003
Percentile
70.6%
The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801.
Affected configurations
Node
ciscojabber_guest
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | jabber_guest | * | cpe:2.3:a:cisco:jabber_guest:*:*:*:*:*:*:*:* |
Related
cisco
cisco
Cisco Jabber Guest Server HTML5 Response Disclosure
2015-01-06 21:52:41
cvelist
cvelist
CVE-2014-8025
2014-12-23 02:00:00
prion
prion
Design/Logic Flaw
2014-12-23 02:59:00
nvd
nvd
CVE-2014-8025
2014-12-23 02:59:05
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.003
Percentile
70.6%
Related for CVE-2014-8025