Vigil@nce - Cisco Unified Communications Manager: WAR file reading
February 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read WAR files of Cisco Unified Communications
Manager, in order to obtain sensitive information.
Impacted products: Cisco CUCM
Severity: 2/4
Creation date: 13/02/2014
DESCRIPTION OF THE VULNERABILITY
The Cisco Unified Communications Manager product offers a web
service.
However, the access to WAR archives does not require an
authentication.
An attacker can therefore read WAR files of Cisco Unified
Communications Manager, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Unified-Communications-Manager-WAR-file-reading-14252