CVE-2013-1222

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.

Published: May 9, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1222
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:C/A:N

CWEs:

CWE-16

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
cisco / unified_customer_voice_portal	3.0-sr1	3.0-sr1.x
cisco / unified_customer_voice_portal	4.0(2)	4.0(2).x
cisco / unified_customer_voice_portal	3.6(10)-es01	3.6(10)-es01.x
cisco / unified_customer_voice_portal	4.0(2)-sr1	4.0(2)-sr1.x
cisco / unified_customer_voice_portal	-	9.0\(1\).x
cisco / unified_customer_voice_portal	7.0(2)	7.0(2).x
cisco / unified_customer_voice_portal	8.5(1)	8.5(1).x
cisco / unified_customer_voice_portal	9.0	9.0.x
cisco / unified_customer_voice_portal	4.0	4.0.x
cisco / unified_customer_voice_portal	7.0	7.0.x
cisco / unified_customer_voice_portal	3.0-sr2	3.0-sr2.x
cisco / unified_customer_voice_portal	8.0(1)	8.0(1).x
cisco / unified_customer_voice_portal	4.1	4.1.x

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp

Vulnerability Database

289,599

CVE-2013-1222