Описание
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.
Уязвимые конфигурации
Конфигурация 1Версия до 9.0\(1\) (включая)
Одно из
cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr1:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr2:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:3.6\(10\):es01:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):sr1:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:7.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:7.0\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:8.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:8.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_customer_voice_portal:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06261
Низкий
10 Critical
CVSS2
Дефекты
CWE-16
Связанные уязвимости
github
больше 3 лет назад
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.
EPSS
Процентиль: 91%
0.06261
Низкий
10 Critical
CVSS2
Дефекты
CWE-16