CVE-2013-1221

2013-05-0912:31:19

CWE-16

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.007

Percentile

79.7%

JSON

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.

Affected configurations

Nvd

Node

ciscounified_customer_voice_portalRange≤9.0\(1\)

ciscounified_customer_voice_portalMatch3.0sr1

ciscounified_customer_voice_portalMatch3.0sr2

ciscounified_customer_voice_portalMatch3.6\(10\)es01

ciscounified_customer_voice_portalMatch4.0

ciscounified_customer_voice_portalMatch4.0\(2\)

ciscounified_customer_voice_portalMatch4.0\(2\)sr1

ciscounified_customer_voice_portalMatch4.1

ciscounified_customer_voice_portalMatch7.0

ciscounified_customer_voice_portalMatch7.0\(2\)

ciscounified_customer_voice_portalMatch8.0\(1\)

ciscounified_customer_voice_portalMatch8.5\(1\)

ciscounified_customer_voice_portalMatch9.0

VendorProductVersionCPE
ciscounified_customer_voice_portal*cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*
ciscounified_customer_voice_portal3.0cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr1:*:*:*:*:*:*
ciscounified_customer_voice_portal3.0cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr2:*:*:*:*:*:*
ciscounified_customer_voice_portal3.6(10)cpe:2.3:a:cisco:unified_customer_voice_portal:3.6\(10\):es01:*:*:*:*:*:*
ciscounified_customer_voice_portal4.0cpe:2.3:a:cisco:unified_customer_voice_portal:4.0:*:*:*:*:*:*:*
ciscounified_customer_voice_portal4.0(2)cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):*:*:*:*:*:*:*
ciscounified_customer_voice_portal4.0(2)cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):sr1:*:*:*:*:*:*
ciscounified_customer_voice_portal4.1cpe:2.3:a:cisco:unified_customer_voice_portal:4.1:*:*:*:*:*:*:*
ciscounified_customer_voice_portal7.0cpe:2.3:a:cisco:unified_customer_voice_portal:7.0:*:*:*:*:*:*:*
ciscounified_customer_voice_portal7.0(2)cpe:2.3:a:cisco:unified_customer_voice_portal:7.0\(2\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_customer_voice_portal	*	cpe:2.3:a:cisco:unified_customer_voice_portal::::::::
cisco	unified_customer_voice_portal	3.0	cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr1::::::
cisco	unified_customer_voice_portal	3.0	cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr2::::::
cisco	unified_customer_voice_portal	3.6(10)	cpe:2.3:a:cisco:unified_customer_voice_portal:3.6\(10\):es01::::::
cisco	unified_customer_voice_portal	4.0	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0:::::::*
cisco	unified_customer_voice_portal	4.0(2)	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):::::::*
cisco	unified_customer_voice_portal	4.0(2)	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):sr1::::::
cisco	unified_customer_voice_portal	4.1	cpe:2.3:a:cisco:unified_customer_voice_portal:4.1:::::::*
cisco	unified_customer_voice_portal	7.0	cpe:2.3:a:cisco:unified_customer_voice_portal:7.0:::::::*
cisco	unified_customer_voice_portal	7.0(2)	cpe:2.3:a:cisco:unified_customer_voice_portal:7.0\(2\):::::::*