Directory Enumeration Vulnerability in Cisco Unified MeetingPlace Web Server
CVE-2011-4232

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Meetingplace
Vendor: CVE Published:; 3 May 2012

Summary

The web server component of Cisco Unified MeetingPlace versions 6.1 and 8.5 exhibits a vulnerability that allows remote attackers to conduct directory name enumeration. This occurs because the server differentiates its responses to directory queries based on the existence of the requested directory. By systematically querying the server, an attacker can obtain a list of valid directory names, potentially exposing sensitive information and leading to further attacks.

References

http://www.securityfocus.com/bid/53432

vdb-entryx_refsource_BID

http://www.cisco.com/en/US/docs/voice_ip_comm/meetingplac...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 3, 2012
Vulnerability Reserved
Nov 1, 2011