Cisco Unified MeetingPlace Multiple Session Weaknesses
High Nessus Plugin ID 70078
Synopsis
The remote web server is running a conferencing application with multiple session weaknesses.
Description
According to its self-reported version number, the installation of Cisco Unified MeetingPlace hosted on the remote web server may be affected by multiple session weaknesses:
- The application fails to invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie. (CVE-2013-1168)
- When the 'Remember Me' option is used, the application fails to properly verify cookies, which may allow an unauthenticated, remote attacker to impersonate users via crafted login requests. (CVE-2013-1169)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Additionally, the coarse nature of the version information Nessus gathered is not enough to confirm that the application is vulnerable, only that it might be affected.
Solution
Upgrade to 7.1MR1 Patch 2 / 8.0MR1 Patch 2 / 8.5MR3 Patch 1 or later.