
Towerwall Information/Vulnerability Alert Vol 13.69: Cisco Security Notice

By Michelle Drolet
20 Mar 2014

Cisco Security Notice

Cisco WebEx Business Suite HTTP GET Parameters Include Sensitive Information

CVE ID: CVE-2014-0708
Release Date: 2014 March 18 19:07 UTC (GMT)
Last Updated: 2014 March 19 17:58 UTC (GMT)

Summary

A vulnerability in Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to view sensitive information transmitted in GET parameters of URL requests.

 

The vulnerability is due to inclusion of sensitive information in URLs as GET parameters. An attacker could exploit this vulnerability by viewing application URL requests that contain the sensitive information in GET parameters.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0708

 

This vulnerability was reported to Cisco by Jim LaValley.
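
An added example, not part of the Cisco notice or of Towerwall's alert: one way for a defender to audit web server or proxy logs for the exposure described above, where secrets carried in GET query strings end up recorded in request lines and in Referer headers. The parameter-name heuristic, the Combined Log Format assumption and the sample log lines are constructed for illustration; they are not WebEx's actual parameters.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed heuristic for parameter names that tend to carry secrets (not from the advisory).
SENSITIVE = re.compile(r"pass|pwd|token|secret|session|api[_-]?key", re.I)

# Combined Log Format: host ident user [time] "METHOD target PROTO" status bytes "referer" ...
LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)

def sensitive_params(url):
    """Names of non-empty query parameters in url whose name looks sensitive."""
    pairs = parse_qsl(urlsplit(url).query)  # blank values are dropped by default
    return sorted({name for name, _ in pairs if SENSITIVE.search(name)})

def redact(url):
    """Mask sensitive values so the audit report does not repeat the leak."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if SENSITIVE.search(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def scan(lines):
    """Return (line number, field, parameter names, redacted URL) for each exposure."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        # The Referer field matters: a secret in a URL is replayed to whatever
        # the page loads or links to next, and is logged again there.
        for field, url in (("request", m["target"]), ("referer", m["referer"] or "")):
            names = sensitive_params(url)
            if names:
                findings.append((lineno, field, names, redact(url)))
    return findings

# Constructed sample log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Mar/2014:19:07:00 +0000] "GET /meeting/join?id=42&password=hunter2 HTTP/1.1" 200 512 "-" "UA"',
    '192.0.2.11 - - [18/Mar/2014:19:08:00 +0000] "GET /static/app.css HTTP/1.1" 200 900 "https://example.test/login?user=bob&sessionToken=abc123" "UA"',
    '192.0.2.12 - - [18/Mar/2014:19:09:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "UA"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any hit means the value should be treated as disclosed to everyone with access to those logs; the durable fix is to move the value out of the URL, for example into a POST body or a header.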

Affected Products

Product | More Information | CVSS
Cisco WebEx Meeting Center | CSCul98272 | 5.0/4.8

What Is a Cisco Security Notice?

The Cisco Product Security Incident Response Team (PSIRT) publishes Cisco Security Notices to inform customers of low- to mid-level severity security issues involving Cisco products.

Customers who wish to upgrade to a software version that includes fixes for these issues should contact their normal support channels. Free software updates will not be provided for issues that are disclosed through a Cisco Security Notice.

For additional information about Cisco PSIRT publications, see the Cisco Security Vulnerability Policy at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Customers Using Third-Party Support Organizations

Customers may have Cisco products that are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers. For these products, customers should consult their service providers or support organizations to ensure that any applied workaround or fix is the most appropriate in the intended network before it is deployed.

WEB APPLICATION PENETRATION TEST

Web applications have become common targets for attackers. Attackers can leverage relatively simple vulnerabilities to gain access to confidential information most likely containing personally identifiable information.

While traditional firewalls and other network security controls are an important layer of any Information Security Program, they can’t defend or alert against many of the attack vectors specific to web applications. It is critical for an organization to ensure that its web applications are not susceptible to common types of attack.

Best practice suggests that an organization should perform a web application test in addition to regular security assessments to ensure the security of its web applications.

Towerwall Web Application Testing methodology is based on the Open Web Application Security Project (OWASP) methodology. Call us for more information: 774 204 0700.

This is an opt-in security alert list. To be removed, reply with "remove".