Vulnerability Description
The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Webex Meetings Server | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3303Vendor Advisory
- http://www.securityfocus.com/bid/68910Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1030645Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94893
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3303Vendor Advisory
- http://www.securityfocus.com/bid/68910Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1030645Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94893
FAQ
What is CVE-2014-3303?
CVE-2014-3303 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access...
How severe is CVE-2014-3303?
CVE-2014-3303 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3303?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Webex Meetings Server.