CVE-2013-1222

2013-05-0912:31:19

CWE-16

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:C/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

48.8%

JSON

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.

Affected configurations

Nvd

Node

ciscounified_customer_voice_portalRange≤9.0\(1\)

ciscounified_customer_voice_portalMatch3.0sr1

ciscounified_customer_voice_portalMatch3.0sr2

ciscounified_customer_voice_portalMatch3.6\(10\)es01

ciscounified_customer_voice_portalMatch4.0

ciscounified_customer_voice_portalMatch4.0\(2\)

ciscounified_customer_voice_portalMatch4.0\(2\)sr1

ciscounified_customer_voice_portalMatch4.1

ciscounified_customer_voice_portalMatch7.0

ciscounified_customer_voice_portalMatch7.0\(2\)

ciscounified_customer_voice_portalMatch8.0\(1\)

ciscounified_customer_voice_portalMatch8.5\(1\)

ciscounified_customer_voice_portalMatch9.0

VendorProductVersionCPE
ciscounified_customer_voice_portal*cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*
ciscounified_customer_voice_portal3.0cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr1:*:*:*:*:*:*
ciscounified_customer_voice_portal3.0cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr2:*:*:*:*:*:*
ciscounified_customer_voice_portal3.6(10)cpe:2.3:a:cisco:unified_customer_voice_portal:3.6\(10\):es01:*:*:*:*:*:*
ciscounified_customer_voice_portal4.0cpe:2.3:a:cisco:unified_customer_voice_portal:4.0:*:*:*:*:*:*:*
ciscounified_customer_voice_portal4.0(2)cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):*:*:*:*:*:*:*
ciscounified_customer_voice_portal4.0(2)cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):sr1:*:*:*:*:*:*
ciscounified_customer_voice_portal4.1cpe:2.3:a:cisco:unified_customer_voice_portal:4.1:*:*:*:*:*:*:*
ciscounified_customer_voice_portal7.0cpe:2.3:a:cisco:unified_customer_voice_portal:7.0:*:*:*:*:*:*:*
ciscounified_customer_voice_portal7.0(2)cpe:2.3:a:cisco:unified_customer_voice_portal:7.0\(2\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_customer_voice_portal	*	cpe:2.3:a:cisco:unified_customer_voice_portal::::::::
cisco	unified_customer_voice_portal	3.0	cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr1::::::
cisco	unified_customer_voice_portal	3.0	cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr2::::::
cisco	unified_customer_voice_portal	3.6(10)	cpe:2.3:a:cisco:unified_customer_voice_portal:3.6\(10\):es01::::::
cisco	unified_customer_voice_portal	4.0	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0:::::::*
cisco	unified_customer_voice_portal	4.0(2)	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):::::::*
cisco	unified_customer_voice_portal	4.0(2)	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):sr1::::::
cisco	unified_customer_voice_portal	4.1	cpe:2.3:a:cisco:unified_customer_voice_portal:4.1:::::::*
cisco	unified_customer_voice_portal	7.0	cpe:2.3:a:cisco:unified_customer_voice_portal:7.0:::::::*
cisco	unified_customer_voice_portal	7.0(2)	cpe:2.3:a:cisco:unified_customer_voice_portal:7.0\(2\):::::::*