CVE-2014-8000

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Communications Manager Im And Presence Service
Vendor: CVE Published:; 21 November 2014

Summary

Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://secunia.com/advisories/62558

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Nov 21, 2014
Vulnerability Reserved
Oct 8, 2014