CVE-2013-1221
Last modified
CVE-2013-1221 is a vulnerability of currently unknown severity. The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.. EPSS estimates a 3.44% chance of exploitation in the next 30 days.
Description
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Cisco | Unified Customer Voice Portal | <= 9.0\(1\) | — |
| Cisco | Unified Customer Voice Portal | 3.0 | Sr1 |
| Cisco | Unified Customer Voice Portal | 3.6\(10\) | Es01 |
| Cisco | Unified Customer Voice Portal | 4.0 | — |
| Cisco | Unified Customer Voice Portal | 4.0\(2\) | — |
| Cisco | Unified Customer Voice Portal | 4.1 | — |
| Cisco | Unified Customer Voice Portal | 7.0 | — |
| Cisco | Unified Customer Voice Portal | 7.0\(2\) | — |
| Cisco | Unified Customer Voice Portal | 8.0\(1\) | — |
| Cisco | Unified Customer Voice Portal | 8.5\(1\) | — |
| Cisco | Unified Customer Voice Portal | 9.0 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-1221?
How severe is CVE-2013-1221?
How do I fix CVE-2013-1221?
Are you affected by CVE-2013-1221?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST