CVE-2013-1222
Last modified
CVE-2013-1222 is a vulnerability of currently unknown severity. The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.. EPSS estimates a 1.23% chance of exploitation in the next 30 days.
Description
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Cisco | Unified Customer Voice Portal | <= 9.0\(1\) | — |
| Cisco | Unified Customer Voice Portal | 3.0 | Sr1 |
| Cisco | Unified Customer Voice Portal | 3.6\(10\) | Es01 |
| Cisco | Unified Customer Voice Portal | 4.0 | — |
| Cisco | Unified Customer Voice Portal | 4.0\(2\) | — |
| Cisco | Unified Customer Voice Portal | 4.1 | — |
| Cisco | Unified Customer Voice Portal | 7.0 | — |
| Cisco | Unified Customer Voice Portal | 7.0\(2\) | — |
| Cisco | Unified Customer Voice Portal | 8.0\(1\) | — |
| Cisco | Unified Customer Voice Portal | 8.5\(1\) | — |
| Cisco | Unified Customer Voice Portal | 9.0 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-1222?
How severe is CVE-2013-1222?
How do I fix CVE-2013-1222?
Are you affected by CVE-2013-1222?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST