SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Cisco Hosted Collaboration Solution Vendors:   Cisco
Cisco Hosted Collaboration Mediation Fulfillment Directory Traversal Flaw Lets Remote Authenticated Users View Files on the Target System
SecurityTracker Alert ID:  1036718
SecurityTracker URL:  http://securitytracker.com/id/1036718
CVE Reference:   CVE-2016-6370   (Links to External Site)
Date:  Sep 1 2016
Impact:   Disclosure of system information, Disclosure of user information
Vendor Confirmed:  Yes  
Version(s): HCM-F 10.6(3) and prior
Description:   A vulnerability was reported in Cisco Hosted Collaboration Mediation Fulfillment. A remote authenticated user can obtain files on the target system.

A remote authenticated user can send a specially crafted HTTP request to trigger an input validation flaw and traverse the directory to view files on the target system.

The vendor has assigned bug ID CSCuz27255 to this vulnerability.

Impact:   A remote authenticated user can obtain files on the target system.
Solution:   No solution was available at the time of this entry.

The vendor advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcm

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcm (Links to External Site)
Cause:   Access control error, Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC