CVE-2013-1168

The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
ciscounified_meetingplace
7.0
ciscounified_meetingplace
7.0.1
ciscounified_meetingplace
7.0.2
ciscounified_meetingplace
7.0.2:mr1
ciscounified_meetingplace
7.0.3
ciscounified_meetingplace
7.0.3:mr2
ciscounified_meetingplace
7.1
ciscounified_meetingplace
7.1:mr1
ciscounified_meetingplace
8.0
ciscounified_meetingplace
8.0:mr1
ciscounified_meetingplace
8.5
ciscounified_meetingplace
8.5.1
ciscounified_meetingplace
8.5.2
ciscounified_meetingplace
8.5.3
𝑥
= Vulnerable software versions
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp