Cookie Settings

We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Other cookies are those that are being identified and have not been classified into any category as yet.

No cookies to display.

Alerts & Reports : Towerwall Information/Vulnerability Alert Vol 13.69: Cisco Security Notice

Cisco Security Notice Cisco WebEx Business Suite HTTP GET Parameters Include Sensitive Information
CVE ID: CVE-2014-0708 Release Date: 2014 March 18 19:07  UTC (GMT) Last Updated: 2014 March 19 17:58  UTC (GMT)SummaryA vulnerability in Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to view sensitive information transmitted in GET parameters of URL requests.The vulnerability is due to inclusion of sensitive information in URLs as GET parameters. An attacker could exploit this vulnerability by viewing application URL requests that contain the sensitive information in GET parameters. http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0708 This vulnerability was reported to Cisco by Jim LaValley. Affected Products
Product More Information CVSS
Cisco WebEx Meeting Center CSCul98272 5.0/4.8
What Is a Cisco Security Notice? The Cisco Product Security Incident Response Team (PSIRT) publishes Cisco Security Notices to inform customers of low- to mid-level severity security issues involving Cisco products. Customers who wish to upgrade to a software version that includes fixes for these issues should contact their normal support channels. Free software updates will not be provided for issues that are disclosed through a Cisco Security Notice. For additional information about Cisco PSIRT publications, see the Cisco Security Vulnerability Policy athttp://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html Customers Using Third-Party Support Organizations Customers may have Cisco products that are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers. For these products, customers should consult their service providers or support organizations to ensure that any applied workaround or fix is the most appropriate in the intended network before it is deployed. WEB APPLICATION PENETRATION TEST Web applications have become common targets for attackers. Attackers can leverage relatively simple vulnerabilities to gain access to confidential information most likely containing personally identifiable information. While traditional firewalls and other network security controls are an important layer of any Information Security Program, they can’t defend or alert against many of the attack vectors specific to web applications. It is critical for an organization to ensure that its web applications are not susceptible to common types of attack. Best Practice suggests that an organization should perform a web application test in addition to regular security assessments in order to ensure the security of its web applications. Towerwall Web Application Testing methodology is based on the Open Web Application Security Project (OWASP) methodology.   Call us for more information: 774 204 0700. This is an opt in security alert list to be removed reply with remove.

Related Alerts & Reports

View All Alerts & Reports